Efficient Protocols for Attaining Common
Knowledge and Simultaneous Byzantine Agreement

Ruben  Michel 


Abstract 

Motivated by recent research in the problems of attaining Common
Knowledge and Simultaneous Byzantine Agreement in the crash and omission
models, we study these problems in a more malicious scenario where
incorrect processors may transmit arbitrary messages.

This paper introduces the notion of common knowledge informative protocols,
which are protocols that attain, in a way, maximal common knowledge.
After characterizing these protocols we design a common knowledge
informative protocol which is maximally communication efficient according
to various natural complexity measures.

This protocol allows us to derive a worst case exponential lower bound
on the number of bits that correct processors transmit in runs of common
knowledge informative protocols and in runs of protocols which attain an
eager type of Simultaneous Byzantine Agreement.

1  Introduction 

The  interest  in  designing  protocols  for  distributed  networks  and  for  multiprocessor 
computers  is  a  direct  consequence  of  the  increasing  usage  and  popularity  of  these 
systems. 

As  observed  in  various  recent  papers,  such  as  [DM],  [FI],  [HM]  and  [MT], 
the  classical  notion  of  common  knowledge  emerges  naturally  from  the  study  of 
coordination  and  simultaneity  in  multiparticipant  systems.  Roughly  speaking,  a 
fact  is  common  knowledge  if  it  is  true,  the  participants  know  it,  the  participants 
know  that  the  participants  know  it,  and  so  forth.  In  a  way,  common  knowledge 
plays  the  role  of  a  virtual  shared  memory  in  systems  in  which  memory  allocation 
is  primarily  local. 

This work was supported in part by the Office of Naval Research under Grant
N00014-82-K-015-4

We analyze the problem of attaining common knowledge in a standard network
which  is  fully  connected,  synchronous,  and  in  which  some  processors  are  faulty.  A 
faulty  processor  may  transmit  arbitrary  messages  only  during  a  single  tick  of  the 
clock  -  a  round.  The  faulty  processor  is  correct  before  that  round  and  it  does  not 
transmit  at  all  thereafter.  This  is,  in  effect,  a  single  round  Byzantine  behavior. 
Our  approach  generalizes  to  more  complicated  failure  patterns  and  it  extends  to 
related  problems  such  as  attaining  knowledge  in  distributed  systems  and  achieving 
Simultaneous  Byzantine  Agreement. 

After presenting our model for the distributed system - which closely resembles
the classical model in [PSL] - we introduce the notion of a common knowledge
informative protocol, ck-informative for short. The first approach that we consider
is to let a protocol be ck-informative if some basic facts become common knowledge
as early as possible to processors following that protocol. This approach yields
interesting results in both the crash model and the omission model (cf. [MT]).
Unfortunately, it does not extend to the more malicious models (e.g. the Byzantine
model) since the performance of the faulty processors in runs of different protocols
cannot be readily compared. We consider therefore a slightly different approach:
a protocol is ck-informative if at each round the processors following that protocol
attain as much common knowledge about basic facts as they would have attained
had each of them transmitted at that round all its knowledge.

The  definition  of  a  ck-informative  protocol  does  not  provide  us  with  an  intuition 
of  how  to  design  such  protocols.  To  this  end  we  introduce  a  basic  notion,  conveying. 
A processor p conveys a fact to another processor q if p is certain that q will know
that  fact  if  it  trusts  p.  This  notion  of  conveying  allows  us  to  state  a  concise 
characterization  of  ck-informative  protocols. 

Equipped  with  this  characterization  we  develop  a  ck-informative  protocol  which 
we  call  the  New  Information  Protocol,  NIP.  We  prove  that  the  intrinsic  parameter 
governing  NIP’s  performance,  in  terms  of  communication  complexity,  processing 
time  and  storage  space,  is  the  number  of  actual  lies  performed  by  the  crashing 
processors.  Stated  briefly,  for  any  fixed  network  size,  NIP’s  complexity  is  linear 
in the number of actual lies. We prove that NIP is maximally communication
efficient  according  to  various  natural  complexity  measures.  A  corollary  of  this 
section  is  the  construction  of  a  maximally  communication  efficient  simulation  of 
the  standard  full-view  protocol  (cf.  [PSL]).  In  appendix  C  we  develop  an  efficient 
procedure  for  evaluating  the  basic  facts  that  are  common  knowledge  at  each  round. 

We are naturally led to analyze the complexity of determining common knowledge
using ck-informative protocols as a function of the parameter $t$, the standard
bound on the number of faulty processors. We prove in the Byzantine model that,
for every ck-informative protocol there exists a run of that protocol in which some
processor transmits at least $c^t$ bits at a round in which it is correct, for $c > 1$.
A refinement of this proof shows that the same worst case lower bound holds in
the problem of achieving Simultaneous Byzantine Agreement when corresponding
sba-informative protocols are used.

This paper is organized as follows: In section 2 we introduce our intuitive
model,  followed  by  its  formalization  in  section  3.  In  section  4  we  present  a  brief 
overview  of  the  knowledge  formalism  used  in  this  paper.  In  section  5  we  introduce 
the  concept  of  a  ck-informative  protocol.  We  then  present  the  basic  notion  of 
conveying  information  that  allows  a  concise  characterization  of  the  ck-informative 
protocols.  In  section  6  we  develop  our  ck-informative  protocol  NIP.  In  addition, 
we  prove  that  NIP  is  linear  in  the  number  of  actual  lies  performed  in  the  network, 
and  that  it  is  maximally  communication  efficient  according  to  a  natural  complexity 
measure.  In  section  7  we  analyze  the  communication  complexity  of  ck-informative 
protocols as a function of the parameter $t$. We derive an exponential lower bound
which we then extend to the problem of achieving Simultaneous Byzantine
Agreement.

In  appendix  A  we  present  a  fairly  precise  description  of  NIP.  In  appendix  B 
we  show  that  the  consistency  test  of  messages  performed  in  NIP  is  as  effective  as 
the  most  general  consistency  test.  In  appendix  C  we  introduce  the  concept  of  the 
critical  round  and  an  efficient  algorithm  for  its  evaluation  in  runs  of  NIP.  Finally, 
in  appendices  D  through  H  we  prove  theorems  1  through  5. 

2  The  Intuitive  Model 

Let $P = \{p_1, p_2, \ldots, p_n\}$, $n > 2$, denote the finite set of processors in a
distributed network in which every processor can communicate with every other
processor using messages. Messages are strings over a finite alphabet $A$.

The network is synchronous. This means that communication progresses in
discrete rounds. Each round has two phases: At the beginning of each round
every correctly operating processor transmits to other processors using messages,
and outputs using strings over a finite alphabet $\Gamma$. At the end of each round $l$,
$l = 1, 2, \ldots$, every processor p receives all the messages that were transmitted to it
at the beginning of that round and it also receives an external input, $INPUT(p, l)$,
which is a string over a finite alphabet $\Sigma$. Before communication begins, i.e. at
the end of round 0, the processors receive an external input $INPUT(p, 0)$.

If a processor fails in any way during a round, a powerful diagnostic will detect
that flaw and disable that processor's communication links at the end of that
round, thereby preventing it from transmitting erroneous information in future
rounds. We adopt the prevalent assumption that, for some fixed $t < n - 1$, at
most $t$ processors fail in the network.

Notice  that  this  model  is  very  similar  to  the  classical  model  appearing  in  [PSL]. 
Moreover,  since  each  incorrect  processor  may  deceive  only  at  a  single  round,  the 
lower  bounds  that  we  derive  in  this  paper  are  fairly  strong.  In  the  following  section 
we  present  a  new  formalization  of  this  model  in  order  to  make  our  claims  rigorous. 

3  Basic  Definitions 

In  this  section  we  formalize  the  intuitive  model  presented  above. 

A (transmission) protocol $\mathcal{F}$ is a set of protocol functions
$\{F_{(p,l)}\}_{(p,l) \in P \times \mathcal{N}}$. Each $F_{(p,l)}$ is an n-tuple of functions
$(F^1_{(p,l)}, F^2_{(p,l)}, \ldots, F^n_{(p,l)})$ so that,
F(p,i)  ■  (-*)'  ^  ^  A*. 

determines the message that p transmits to $p_i$ at round $l$ as a function of
both the messages and the external inputs that p has received before $l$.

An output protocol $\mathcal{O}$ is a set of output functions $\{O_{(p,l)}\}_{(p,l) \in P \times \mathcal{N}}$,

0(p,,)  :  (S*)'  X  -  r*. 

$O_{(p,l)}$ determines the output of processor p at round $l$.

Let $\mathcal{N}$ denote the set of natural numbers. A run $\rho$ is a tuple

$(n, t, \mathcal{F}, \mathcal{O}, INPUT, CA, ADV)$

where:

• $n \in \mathcal{N}$ is the number of processors.

• $t \in \mathcal{N}$ is the bound on the number of faulty processors, $t < n - 1$.

• $\mathcal{F}$ is a protocol.

• $\mathcal{O}$ is an output protocol.

• $INPUT$ is a function $P \times (\{0\} \cup \mathcal{N}) \to \Sigma^*$.

• $CA$, the crashing assignment, specifies which processors are faulty and at
which round they crash. Formally, $CA$ is a set of at most $t$ pairs in $P \times \mathcal{N}$
so that no two pairs have the same first coordinate.

• $ADV$, the adversary, is the set of messages that each faulty processor
transmits at its crashing round and its output there. Formally, it is a
function that assigns to each pair in $CA$ an element in $(A^*)^n \times \Gamma^*$.

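We say that $\rho$ is a run of $\mathcal{F}$. Each run $\rho$ induces a partition of $P \times \mathcal{N}$ into one
of three states: $\mathit{healthy}[\rho]$, $\mathit{ill}[\rho]$ and $\mathit{dead}[\rho]$. Consider a pair $(p, l) \in P \times \mathcal{N}$; if for
all $k$, $(p, k) \notin CA$, then $(p, l) \in \mathit{healthy}[\rho]$. If, on the other hand, for some $k \in \mathcal{N}$,
$(p, k) \in CA$ then:

• If $l < k$ then $(p, l) \in \mathit{healthy}[\rho]$.

• If $l = k$ then $(p, l) \in \mathit{ill}[\rho]$.

• If $l > k$ then $(p, l) \in \mathit{dead}[\rho]$.

Let $\mathit{failing}[\rho] = \mathit{ill}[\rho] \cup \mathit{dead}[\rho]$. We will usually abuse our notation by referring
to $(p, l) \in \mathit{healthy}[\rho]$ as "p is healthy at round $l$ in $\rho$". This notation extends
similarly to the cases where $(p, l) \in \mathit{ill}[\rho]$, $(p, l) \in \mathit{dead}[\rho]$ and $(p, l) \in \mathit{failing}[\rho]$.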

A run $\rho$ naturally induces an execution $EX[\rho]$, which specifies both the messages
transmitted in the network and the outputs of the processors. In order to
formalize this notion we first define the view of a processor when it is healthy at
a round in some run. The view of processor p that is healthy at round $l$ in $\rho$,
$v[\rho](p, l)$, is the messages that p has received before and including $l$ in $\rho$ and its
$INPUT$ there, that is, $\{INPUT(p, k)\}_{0 \le k \le l}$. Hereafter we restrict the domains
of $F_{(p,l)}$ and $O_{(p,l)}$ to the set of views of p at $l - 1$ in runs of both $\mathcal{F}$ and $\mathcal{O}$.

We define $EX[\rho]$ according to the following rules:

• $CA$ naturally induces the state of each processor at every round in $\rho$.

• At the end of each round every processor $p_i$ receives an n-tuple of messages,
whose $j$-th coordinate, $1 \le j \le n$, $j \ne i$, corresponds to the message $p_j$
transmits to $p_i$ at that round. (The $i$-th coordinate is $\emptyset$.)

• A processor that is healthy at a round transmits in $EX[\rho]$ according to
$\mathcal{F}$. Assume that the messages transmitted in $EX[\rho]$ before round $l$ were
already constructed. Then the message that p transmits to $p_i$ at $l$ in $\rho$, if
it is healthy there, is $F^i_{(p,l)}(v[\rho](p, l - 1))$, where $p_i \ne p$.

• A processor that is healthy at a round outputs in $EX[\rho]$ according to $\mathcal{O}$.
Thus, the output of p at $l$ in $\rho$, if it is healthy there, is $O_{(p,l)}(v[\rho](p, l - 1))$.

• A processor that is ill at a round transmits and outputs in $EX[\rho]$ according
to $ADV$.

• A processor that is dead at a round neither transmits nor outputs in $EX[\rho]$.

Let $M[\rho](p, q, l)$ denote the message that p sends to q at round $l$ in $EX[\rho]$.
Denote by $SEG[\rho](l)$ the messages transmitted in the first $l$ rounds of $EX[\rho]$;
more precisely,

$SEG[\rho](l) = \{(p, q, k, M[\rho](p, q, k)) \mid p, q \in P, k \le l\}.$

In  this  paper  we  consider  only  the  Byzantine  case  (in  which  processors  that 
are  ill  can  transmit  arbitrary  messages)  as  can  be  implied  from  the  definition  of 
the  adversary. 


4  Knowledge  Formalism 

In  this  section  we  present  a  knowledge  formalism  along  the  lines  of  [DM],  modified 
according  to  our  needs. 

A predicate $\varphi$ is a set of runs. A predicate $\varphi$ holds at a run $\rho$, denoted by
$\rho \models \varphi$, if $\rho \in \varphi$. A basic predicate is a predicate that depends only on $CA$ and
$INPUT$.

A processor p that is healthy at round $l$ in $\rho$ knows $\varphi$, denoted by $\rho \models K_{(p,l)}\varphi$,
if $\varphi$ holds at all runs which are indistinguishable by p at $l$ from $\rho$. To make this
definition more precise consider the following equivalence relation: Two runs of
the same protocol are $(p, l)$-equivalent, denoted by $\rho \stackrel{(p,l)}{\sim} \rho'$, if p is healthy at $l$ in
both and it has the same view at $l$ in both. Thus, $\rho \models K_{(p,l)}\varphi$ iff p is healthy at $l$
in $\rho$ and $\rho' \models \varphi$ for all $\rho' \stackrel{(p,l)}{\sim} \rho$.

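Let $\rho \models E_l\varphi$ denote that every processor p that is healthy at $l$ in $\rho$ knows $\varphi$.
Let $E_l^0\varphi = \varphi$ and let $\rho \models E_l^{m+1}\varphi$ denote $\rho \models E_l(E_l^m\varphi)$ for $m > 0$. A predicate
$\varphi$ is common knowledge at round $l$ in $\rho$, denoted by $\rho \models C_l\varphi$, if for every $m > 0$,
$\rho \models E_l^m\varphi$.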

Two runs of the same protocol are similar at $l$, denoted by $\rho \sim \rho'$, if there
exist a finite sequence of runs of that protocol $\{\rho_k\}_{0 \le k \le m}$ and a finite sequence of
processors $\{p_{i_k}\}_{0 \le k < m}$ so that:


It is apparent that $\sim$ is an equivalence relation. The following basic fact, see,
e.g., [CM], [DM] and [FI], establishes a clear connection between knowledge and
distributed systems:


Fact 1


$\rho \models C_l\varphi$ iff $\rho' \models \varphi$ for all $\rho'$ satisfying $\rho' \sim \rho$.
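Fact 1 can be checked mechanically on a finite set of runs. The following is an added example, not code from the paper: it computes common knowledge once by iterating "everyone knows" and once through similarity classes, and the two agree. It assumes the usual reading of similarity (consecutive runs in the sequence are indistinguishable to some processor that is healthy in both); the runs, views and the predicate `PHI` are constructed.

```python
# Constructed toy system (not from the paper): three processors at one fixed
# round l. Each run maps a processor to its view at l; None means the
# processor is not healthy at l in that run.
RUNS = {
    "r1": {"p1": "A", "p2": "X", "p3": "M"},
    "r2": {"p1": "A", "p2": "Y", "p3": "N"},
    "r3": {"p1": "B", "p2": "Y", "p3": None},
    "r4": {"p1": "C", "p2": "Z", "p3": "Q"},
    "r5": {"p1": "C", "p2": "W", "p3": "Q"},
}
# A predicate is a set of runs; this one holds everywhere except r3.
PHI = frozenset({"r1", "r2", "r4", "r5"})


def healthy(run):
    """Processors that are healthy at l in the given run."""
    return [p for p, view in RUNS[run].items() if view is not None]


def equivalent(run_a, run_b, p):
    """(p,l)-equivalence: p is healthy in both runs and has the same view."""
    view_a, view_b = RUNS[run_a][p], RUNS[run_b][p]
    return view_a is not None and view_a == view_b


def knows(p, run, pred):
    """K_(p,l) pred at run: pred holds at every run p cannot tell apart."""
    return all(other in pred for other in RUNS if equivalent(run, other, p))


def everyone_knows(pred):
    """E_l pred: the runs where every healthy processor knows pred."""
    return frozenset(
        r for r in RUNS if all(knows(p, r, pred) for p in healthy(r))
    )


def common_knowledge_by_iteration(pred):
    """C_l pred as the limit of E_l, E_l^2, ... on a finite set of runs."""
    # With a healthy processor in every run, E_l(x) is a subset of x, so the
    # sequence shrinks and must reach a fixed point.
    assert all(healthy(r) for r in RUNS)
    current = everyone_knows(pred)
    while True:
        nxt = everyone_knows(current)
        if nxt == current:
            return current
        current = nxt


def similarity_class(run):
    """All runs reachable through a chain of (p,l)-equivalences."""
    seen, frontier = {run}, [run]
    while frontier:
        cur = frontier.pop()
        for other in RUNS:
            if other in seen:
                continue
            if any(equivalent(cur, other, p) for p in RUNS[cur]):
                seen.add(other)
                frontier.append(other)
    return frozenset(seen)


def common_knowledge_by_fact1(pred):
    """C_l pred via Fact 1: pred holds at every run similar to this one."""
    return frozenset(r for r in RUNS if similarity_class(r) <= pred)


if __name__ == "__main__":
    print("E phi      :", sorted(everyone_knows(PHI)))
    print("C phi (E^m):", sorted(common_knowledge_by_iteration(PHI)))
    print("C phi (sim):", sorted(common_knowledge_by_fact1(PHI)))
```

In run r1 the predicate holds and every processor knows it, yet it is not common knowledge, because r1 is similar to r3 through r2.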


5  Common  Knowledge  Informative  Protocols 

We begin this section by introducing a class of protocols that attain, in some sense,
maximal  common  knowledge  at  each  round.  These  protocols  are  called  common 
knowledge  informative  protocols  or  ck-informative  for  short. 

The  first  approach  that  we  consider  is  to  let  a  protocol  be  ck-informative  if  some 
basic  facts  become  common  knowledge  as  early  as  possible  to  processors  following 
that  protocol.  This  approach  yields  interesting  results  in  both  the  crash  and  the 
omission  models  (cf.  [MT]).  It  does  not  extend,  however,  to  the  more  malicious 
models,  such  as  the  Byzantine  case,  since  the  performance  of  the  adversary  in  runs 
of  different  protocols  cannot  be  readily  compared. 

Thus, we need a slightly different approach. Let p be healthy at round $l$ in a
run of a ck-informative protocol. We want p to maximize the common knowledge
at $l$ in the following sense: Suppose that the processors transmit at $l$ according to
some protocol functions which may be different from the ones in the ck-informative
protocol. Let $\varphi$ be a predicate that is common knowledge at $l$ in that run. Then $\varphi$
should also be common knowledge at $l$ if instead p follows at $l$ the ck-informative
protocol. Since we are comparing different protocols, we restrict our attention
to predicates $\varphi$ that are protocol-independent, that is, basic predicates. Now, a
protocol is ck-informative if every processor that is healthy at a round in a run of
that protocol maximizes the common knowledge at that round.

We proceed to formalize these ideas. We first introduce a binary relation on
runs of different protocols. Unfortunately, $(p, l)$-equivalence cannot serve that
purpose, since it only relates runs of the same protocol. We say that two runs are
$(p, l)$-weakly-equivalent if p is healthy at $l$ in both, p has the same view at $l - 1$ in
both, and the protocol functions corresponding to processors at rounds prior to $l$
coincide in these two runs.

Definition 1 Two runs are $(p, l)$-weakly-equivalent, denoted by $\rho \stackrel{w\text{-}(p,l)}{\sim} \rho'$, if:

• p is healthy at $l$ in both.

• p has the same view at $l - 1$ in both.

• For every processor q and round $k$, $k < l$, the protocol functions of q at $k$
in $\rho$ and $\rho'$ coincide.

We now use this relation in order to formalize the notion of a ck-informative
protocol:

Definition 2 A protocol $\mathcal{F} = \{F_{(p,l)}\}$ is ck-informative if the following holds for
any run $\rho$ of that protocol: Let $\rho'$ satisfy $\rho \stackrel{w\text{-}(p,l)}{\sim} \rho'$, and let $\varphi$ be any basic predicate
so that

$\rho' \models C_l\varphi.$

Then

$\rho'' \models C_l\varphi,$

where $\rho''$ differs from $\rho'$ only in that p transmits at $l$ in $\rho''$ according to $F_{(p,l)}$.

Interestingly,  this  notion  coincides  with  the  notion  of  an  optimal  protocol  for 
common  knowledge  appearing  in  [MT],  when  restricted  to  the  omission  model.  We 
will  see  in  section  7.1  that  this  notion  bears  a  close  relation  to  a  problem  of  eagerly 
attaining  Simultaneous  Byzantine  Agreement. 

A natural problem that arises at this point is finding a simple characterization
of the ck-informative protocols. To this end we introduce some new concepts.
Consider a processor p that by checking the message that some other processor q
transmitted to it at $l$ discovered that q was ill at $l$. This can happen if, e.g., q
sends to p at $l$ some forged information about some other processor r, and also
$M(r, p, l) \ne \emptyset$, so that p knows at $l$ that r was healthy at $l - 1$. In the Byzantine
case, the only meaningful information that such a message carries about basic
predicates is that q was ill at $l$.

This intuition motivates the following definition: The reduced view of p at
round $l$ in $\rho$, $RV[\rho](p, l)$, is the $INPUT$ that p has received up to and including
round $l$ in $\rho$ and the set of messages that p has sent and received in these rounds.
We exclude, however, every message $M[\rho](q, p, k)$, $k \le l$, for which p knew at $k$
in $\rho$ that q was ill at $k$. Such a message is replaced in the reduced view by the
statement "q was detected ill at $k$".

We now introduce a basic notion - conveying. Let p be healthy at $l$ in some
run, and assume that p knows the predicate $\varphi$. Suppose that p wants to inform
q at round $l$ that the predicate $\varphi$ is true. There are many ways for p to attain
this goal. The simplest would perhaps be to just transmit $\varphi$. Another, probably
more efficient approach, would be to let p and q have some a priori agreements
so that, e.g., more typical predicates would require less communication bits than
the rare ones. Conveying completely abstracts the issue of how information is
transferred. Instead, it captures the intuition that one processor informs another
one of a predicate, provided of course that the recipient trusts the sender, without
mentioning at all the means whereby this is achieved, and no matter how malicious
the unreliable processors are.

Definition 3 Assume that p is healthy at $l$ in $\rho$ and $\rho \models$

p conveys $\varphi$ to q at $l$ in $\rho$ if

p  1=  A'(p {if  p  is  healthy  at  I  then  f)  . 

We say that p conveys its reduced view to q at $l$ in $\rho$, if p conveys to q at $l$
in $\rho$ the predicate $\varphi$ = "The reduced view of p at $l - 1$ is $RV[\rho](p, l - 1)$". A
protocol is a (reduced) conveying protocol, (R)CP for short, if at every run of that
protocol every processor conveys its (reduced) view to all the other processors at
every round in which it is healthy.

In  order  to  introduce  some  life  into  the  runs  that  we  are  considering  we  must 
initiate  them  somehow.  To  this  end  we  assume  that  each  processor  p  that  is  healthy 
at  round  1  conveys  its  INPUT  (at  round  0)  to  every  other  processor. 

Another notion we need in this section is information symmetry. The intuition
behind this notion is that the message that processor p, which is healthy at $l$,
transmits to a processor q at $l$ completely determines the message that it transmits
to any other processor at that round.

Definition 4 A protocol $\mathcal{F} = \{F_{(p,l)}\}$ is information symmetric if
$(F^q_{(p,l)})^{-1} \circ F^q_{(p,l)}$ is independent of q.

To see that this definition meets the intuition that we mentioned above, consider
the following rather trivial lemma:

Lemma 1 The protocol $\mathcal{F} = \{F_{(p,l)}\}$ is information symmetric iff for every pair
of runs $\rho$ and $\rho'$ of $\mathcal{F}$ in which p is healthy at $l$, for all processors q and r,
$M[\rho](p, q, l) = M[\rho'](p, q, l)$ iff $M[\rho](p, r, l) = M[\rho'](p, r, l)$.

Finally,  we  state  the  central  result  of  this  section,  which  is  a  characterization 
of  information  symmetric  ck-informative  protocols: 


Theorem 1 An information symmetric protocol $\mathcal{F}$ is ck-informative iff $\mathcal{F}$ is an
RCP.


5.1  Weak  Information  Symmetry 

In the previous section we introduced the notion of information symmetry. As we
will  see  in  this  section  this  notion  is  too  restrictive  in  several  respects,  therefore  we 
will  try  to  modify  it  in  order  to  capture  more  naturally  our  intuition  of  information 
symmetry. 

The changes that we want to introduce involve two aspects of information
symmetry that we find inappropriately strong. Consider again processor p that is
healthy at round $l$. Our first reservation about information symmetry is that it
requires p to transmit at $l$ to processors that it knew at $l - 1$ would be dead at $l$.
Our second reservation is that p is required to convey to q information, which p
knows that q already knows, such as information that p received from q at previous
rounds.

Having  stated  the  drawbacks  of  information  symmetry,  we  now  develop  a  new 
notion  called  weak  information  symmetry  that  on  the  one  hand  maintains  our 
basic  intuition  about  information  symmetry,  and  on  the  other  hand  avoids  the 
drawbacks  that  we  mentioned  above. 

Consider two processors q and r that p did not know at $l - 1$ would be dead at
$l$. We no longer require that the message that p sends to q at round $l$ determine
the message that p sends to r at that round. The point is that p will completely
omit the messages that q transmitted to it before $l$ from its transmissions to q at
$l$, whereas it may convey them to r.

Not surprisingly, there is a simple solution to this problem. We want the
messages that p transmits to q up to and including $l$ together with the messages
that q transmits to p prior to $l$, to completely determine the messages that p
transmits to r up to and including $l$.

We also require that if p knew at $l - 1$ that q would be dead at $l$, then p should
not transmit anything to q at $l$. The skeleton of the definition of weak information
symmetry is now developed.

Definition 5 A protocol $\mathcal{F}$ is weakly information symmetric if it satisfies the
following two properties:

• Let $\rho$ and $\rho'$ be any two runs of $\mathcal{F}$, let p be healthy at $l$ in both runs, and
assume that p did not know at $l - 1$ in either run that q would be dead
at $l$ nor that r would be dead at $l$. Then, if $M[\rho](p, q, k) = M[\rho'](p, q, k)$
for $k \le l$, and $M[\rho](q, p, k) = M[\rho'](q, p, k)$ for $k < l$, then also for every
$k \le l$, $M[\rho](p, r, k) = M[\rho'](p, r, k)$.

• For every run $\rho$ of $\mathcal{F}$, if p is healthy at $l$ in $\rho$ and it knew at $l - 1$ that q
would be dead at $l$, then $M[\rho](p, q, l) = \emptyset$.


Fortunately  this  weaker  notion  of  information  symmetry  preserves  theorem  1. 
In  fact: 

Corollary 1 A weakly information symmetric protocol $\mathcal{F}$ is ck-informative iff $\mathcal{F}$
is an RCP.

Corollary  1  is  the  theoretical  motivation  for  the  New  Information  Protocol, 
NIP,  that  we  develop  in  the  next  section. 

6  The  New  Information  Protocol 

It is apparent from theorem 1 that the standard Full-View Protocol, FV (cf.
[PSL]), in which every processor transmits its view whenever it is healthy, is
ck-informative. It is well known, however, that FV is communication inefficient.

In this section we introduce another ck-informative protocol, the New Information
Protocol, NIP. As indicated by its name, the basic idea behind NIP is that
each processor transmits only new information at each round in which it is healthy.

NIP has four appealing properties: First, of course, it is ck-informative. Second,
it is weakly information symmetric. Third, each processor transmits at every
round as little information as possible, and fourth, it is maximally communication
efficient under various natural complexity measures. This notion of information
will not be formalized in this paper.

6.1  Message  Structure  in  NIP 

NIP  resembles  FV  in  the  structure  of  its  messages.  Recall  that  each  message  in 
FV  can  be  viewed  as  a  union  of  atoms,  e.g., 

$= \bigcup \mathit{atom}$

where  each  atom  is  an  ordered  pair  of  the  form 

atom  =  (chain,  content). 


Now a chain in this case looks like

$p_{i_1} \to p_{i_2} \to \cdots \to p_{i_{k-2}} \to p_{i_{k-1}}$

and its content is either an $INPUT$, the empty message $\emptyset$, or a lie. The semantics
of that atom is that $p_{i_1}$ transmitted content to $p_{i_2}$ at $l - k + 2$, and that this
information reached $p_{i_{k-1}}$ at $l - 1$ passing through $p_{i_3}, p_{i_4}, \ldots, p_{i_{k-2}}$. Notice, however,
that some processor $p_{i_j}$, $1 < j < k$, might have forged that content or the head of
that chain (i.e. $p_{i_1} \to p_{i_2} \to \cdots \to p_{i_{j-1}}$).

We now introduce the format of the messages in NIP. This format will allow
each processor to process and store its information efficiently. We begin by saying
what these messages are not. A message that is transmitted according to NIP is
not merely a sequence of chains queued one after the other; instead, it is formatted
as a transmission tree. The transmission tree that p transmits to q at $l$, which we
denote by $TT(p, q, l)$, is a tree having nodes labelled with processors' names, a
root labelled p, and no two sons of any internal node having the same label. A
path from a leaf to the root represents a chain that p received at $l - 1$, and every
such path carries the corresponding content. Notice that the root p can in fact be
dispensed with. We have introduced it since it is easier to talk about transmission
trees instead of transmission bushes.

Another minor difference between the messages in NIP and the messages in
FV is that in NIP we allow the content of atoms to be of the form "processor q
was detected ill at round $l$."
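The difference between a queue of chains and a transmission tree can be made concrete. The following is an added sketch, not code from the paper: it merges (chain, content) atoms into a tree rooted at the sender, recovers them again, and counts the processor labels each format carries. The function names and sample atoms are constructed, and storing the content on the node where the chain starts is an assumption.

```python
class Node:
    """One tree node: a processor label, its sons, and optionally a content."""

    def __init__(self, label):
        self.label = label
        self.sons = {}        # label -> Node, so no two sons share a label
        self.content = None   # set only on the node where a chain starts


def build_transmission_tree(root_label, atoms):
    """Merge (chain, content) atoms into one tree rooted at the sender.

    A chain (p_i1, ..., p_i(k-1)) is inserted last relay first, so the path
    from the node of p_i1 back to the root spells out the chain.
    """
    root = Node(root_label)
    for chain, content in atoms:
        node = root
        for label in reversed(chain):
            if label not in node.sons:
                node.sons[label] = Node(label)
            node = node.sons[label]
        if node.content is not None and node.content != content:
            raise ValueError("two different contents for chain %r" % (chain,))
        node.content = content
    return root


def atoms_of(root):
    """Recover the (chain, content) atoms by walking every path to the root."""
    found = []

    def walk(node, suffix):
        for son in node.sons.values():
            chain = (son.label,) + suffix
            if son.content is not None:
                found.append((chain, son.content))
            walk(son, chain)

    walk(root, ())
    return found


def labels_flat(atoms):
    """Processor labels sent when chains are queued one after the other."""
    return sum(len(chain) for chain, _ in atoms)


def labels_in_tree(root):
    """Processor labels sent as a tree (the root itself is not counted)."""
    return sum(1 + labels_in_tree(son) for son in root.sons.values())


# Constructed sample: atoms that p5 relays. The chain ("p1", "p2", "p3")
# reads "p1 sent the content to p2, who relayed it to p3, who told p5".
ATOMS = [
    (("p1", "p2", "p3"), "INPUT=1"),
    (("p4", "p2", "p3"), "INPUT=0"),
    (("p2", "p4", "p3"), "EMPTY"),
    (("p1", "p3", "p4"), "INPUT=1"),
    (("p2", "p3", "p4"), "INPUT=0"),
]
TREE = build_transmission_tree("p5", ATOMS)

if __name__ == "__main__":
    print("labels as queued chains:", labels_flat(ATOMS))
    print("labels as a tree       :", labels_in_tree(TREE))
```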

6.2  Transmission  in  NIP 

In  this  section  we  develop  the  intuition  behind  NIP.  There  are  two  basic  principles 
that  make  NIP  an  appealing  protocol.  The  first  is  that  each  processor  checks 
the  consistency  of  the  messages  it  receives,  and  the  second  is  that  each  processor 
transmits  only  new  information  at  each  round.  We  now  expand  on  these  two  ideas 
by  describing  their  implementation  in  NIP. 

We need a technical detail: In definition 3 we introduced the notion "p conveys
the predicate $\varphi$ to q at $l$ in the run $\rho$", for p healthy at $l$. Hereafter we extend this
definition also to processors p that are ill at $l$ and to predicates $\varphi$ that p claims
at $l$ to have known at $l - 1$. We are assuming here that the recipient q does not
detect that p was ill.

Consider a processor p that is healthy at round $l$ in some run of NIP. At the
end of that round p receives the messages that were addressed to it. The first fact
that p concludes from a nonempty message that a processor, say q, transmits to it,
is that q must have been healthy at $l - 1$, and therefore that the information that
q conveyed there is certainly trustworthy. Notice that trusting q at $l - 1$ might
involve trusting some other processors at $l - 3$, and this in turn might involve
trusting some other processors at $l - 5$, and so forth. Thus the mere fact that a
message is nonempty at $l$ conveys a substantial amount of information.

The next step that p performs at $l$ is to check the consistency of the messages
it receives. This consistency check is the first basic principle in NIP. Consider the
message that q transmits to p at $l$. The first examination that p performs on that
message is a standard syntactical test. Next, for every r that p knows is healthy
at $l - 1$, p uses the weak information symmetry of NIP in order to check that q
conveyed to it at $l$ correct information about r. Similarly, for every r that p knows
is dead at $l - 1$, p checks that q conveyed to it that q did not receive a message
from r at $l - 1$.

We have already said what p checks in the message it received from q at $l$
concerning each processor r that p knew was either healthy or dead at $l - 1$. What
can p check in that message if it did not know that r was either healthy or dead?
Well, as far as p knows, r could have sent any message whatsoever to q at $l - 1$.
However, p does know that had q been healthy at $l$, it should have transmitted only
information that was new to it, according to the second principle, and it should
have checked the reliability of the information that r conveyed to it. Notice that
the latter test is in effect a recursive procedure, since p might have to check next
that q checked that r checked some other processor, and so forth. Now that we
know what it is that p can check, we state that this is precisely what it is going to
check. To test that q transmitted only information that was new to it is fairly easy.
To test that q checked the consistency of the messages that were transmitted to it
is somewhat more involved. p first constructs the reduced view of q at $l - 1$ based
on the messages that q transmitted to it up to and including $l$. p then checks that
the messages that q claimed to have received from each such r could have passed
q's examination in the reduced view that q conveyed to it.

In appendix B we prove a central result, which states that when p checks q at
l regarding the message that q claimed to have received from r at $l-1$, it need
only check the new information that q conveyed to p that r conveyed to q. In
other words, if q conveys to p at l that r conveyed to it some information at $l-1$
that was in accordance with what q knew at $l-2$, then this type of information
cannot lead to an inconsistency in the message that q sent p at l. If, on the
other hand, q transmits that information rather than conveying it, then p knows
immediately that q was ill, since this contradicts the principle of transmitting only
new information. This lemma has a strong impact on the communication, time
and space complexity of NIP. In fact it shows that NIP is linear in the number of
lies committed in the network with respect to these three criteria.

We now discuss the second principle, namely, that each processor transmits
only new information when it is healthy. Consider again processor p after it checked
the consistency of the messages that it received at l. Since NIP is ck-informative,
p must find a way to convey its reduced view to all the processors that might be
healthy at $l+1$. Let q be a processor that transmits a non-empty message to p
at l so that p cannot determine at l that it was ill. Thus q must have conveyed to
p the message that it received from every other processor, say r, which we denote
by

$M(r,q,l-1 \mid M(q,p,l))$.

Assume first that $M(r,p,l-1) \neq \emptyset$ and p could not determine at $l-1$ that r
was ill at $l-1$. Then, the PIVOT message of p with respect to r at $l-1$ or, more
shortly, $PIVOT(r,p,l-1)$ is $M(r,p,l-1)$. The motivation behind this name is
as follows: p does not transmit $M(r,q,l-1 \mid M(q,p,l))$. Instead, it transmits the
atoms whereby $M(r,q,l-1 \mid M(q,p,l))$ differs from $PIVOT(r,p,l-1)$, which we
call the new information that q conveys to p at l about r.

What about decoding? Since $M(r,p,l-1) \neq \emptyset$ and p could not determine at
$l-1$ that r was ill at $l-1$, p must have conveyed $M(r,p,l-1)$ at l. Thus, all the
processors that are healthy at $l+1$ can retrieve $M(r,q,l-1 \mid M(q,p,l))$ from the
difference that p transmits at $l+1$ and the PIVOT.

The point in transmitting only differences is that if both q is healthy at l and r
is healthy at $l-1$, then p will not have to transmit at $l+1$ any communication bit
whatsoever in order to convey $M(r,q,l-1 \mid M(q,p,l))$. If, on the other hand, either
q is not healthy at l or r is not healthy at $l-1$, then each atom that p transmits at
$l+1$ carries at least one lie performed by either q at l or r at $l-1$. This relation
between the lies that are committed and the atoms that are transmitted plays a
crucial role in the analysis of NIP.

Assume now that p managed to determine either that r was ill at $l-1$ or that
the message that r transmitted to p at $l-1$ was empty. Here p will not choose
$M(r,p,l-1)$ to be the PIVOT message. Instead, it generates an imaginary
message $M'(r,p,l-1)$ as follows: First, for every $s \neq r,p$, let

$M'(s,r,l-2) = M(s,p,l-2)$

up to weak information symmetry. Now let $M'(r,p,l-1)$ be the message that r
would have transmitted at $l-1$ had it been healthy there and had it received the
messages that we just constructed. The PIVOT of p with respect to r at $l-1$ is
$M'(r,p,l-1)$.

Refer  to  appendix  A  for  a  more  detailed  explanation  of  NIP. 

6.3  The  Complexity  of  NIP 

In this section we analyze the complexity properties of NIP. More specifically, for
a given processor p at round l in some run $\rho$ of NIP, we estimate the number of
bits that p transmits at l, provided, of course, that it is healthy there. We also
estimate the time and the space that the routines described in appendix A use for
calculating the messages that p transmits at l.

We will prove that the intrinsic parameter governing NIP's complexity in a
segment is the number of actual lies performed in that segment. Moreover, NIP is
linear in that parameter.

Before introducing our notion of an actual lie we make two observations: First,
recall that in a ck-informative protocol each processor conveys its reduced view
when it is healthy, and that its reduced view can be represented as a union of
atoms. Second, consider the atom

$(p_{i_1} \to \cdots \to p_{i_k}, \beta)$

that $p_{i_k}$ conveys to q at l, where $\beta = \emptyset$ or $\beta$ = "detected ill". In NIP this atom
conveys to q two basic facts, provided of course that it trusts $p_{i_2}, \ldots, p_{i_k}$: First,
that $M(p_{i_1}, p_{i_2}, l-k+1) = \beta$, and second, that $p_{i_1}$ conveys no new information
to $p_{i_2}$ at $l-k+1$ besides $M(p_{i_1}, p_{i_2}, l-k+1) = \beta$. The second fact means that
$p_{i_2}$ views the message that $p_{i_1}$ transmits to it as the message $M'(p_{i_1}, p_{i_2}, l-k+1)$
defined at the end of section 6.2. Thus, a content can be naturally assigned to
each chain of the form

1-1 

qj^  qjf  Pi  I  -*■■  ■  —*  Pi*  . 

With these observations in mind we now introduce our notion of an actual lie.
Intuitively, an actual lie is simply an atom whose content is incorrectly conveyed.
More formally, let q be healthy at l in $\rho$, and let r be ill at l. We distinguish
between two cases:

1. q does not know at l in $\rho$ that r is ill at l and $M[\rho](r,q,l) \neq \emptyset$.

The atom a is an actual lie that r conveys to q at l in $\rho$, if r conveys a to
q at l in $\rho$, and

•  If  a  =  r, a),  then  INPUT[p]{r,l  —  1)  /  a. 

•  If 

a  =  (Pii  ^  Pu_,  ^  Pi*  ^  ^  q) 

then  Pn  conveys  the  atom 

(P.i  ^  P.*_,  P.*«'r) 

to  r  at  /  —  1  in  p,  where  7/0'. 
2. q either discovers at l in $\rho$ that r is ill at l or $M[\rho](r,q,l) = \emptyset$.

Let $M'(r,q,l)$ be the message whose construction we described at the end
of section 6.2. a is an actual lie that r conveys to q at l in $\rho$ if either a is an
atom whose content is incorrectly conveyed to q by r through $M'(r,q,l)$ as
explained above, or a is the message $M[\rho](r,q,l)$.

This definition naturally extends to ck-informative protocols other than NIP.
Let $AL[\rho](k,l)$ denote the number of actual lies conveyed from round k to
round l inclusive in the run $\rho$ of NIP, where k < l, and for technical reasons let

$AL^{+}[\rho](k,l) = AL[\rho](k,l) + 1$.

The content length of an atom a, denoted by |a|, is the number of bits used in
order to represent the content of that atom. Let

$|\rho| = \{|a| \mid a \text{ is conveyed in } \rho\}$.

The following theorem determines the complexity of NIP:

Theorem 2 Let processor p be healthy at round l in the run $\rho$ of NIP.

1. The number of bits that p transmits at l in $\rho$ to another processor is less
than

$n((t+1)\log n + |\rho|)\,AL^{+}[\rho](l-2, l-1)$.

2. The time needed for calculating the messages that p transmits at l using
the routines described in appendix A is

$c\,AL^{+}[\rho](l-2, l-1)$

where $c = poly(n,t,|\rho|)$. The space used in that calculation is

$c'\,AL^{+}[\rho](l-t-1, l-1)$

where, as before, $c' = poly(n,t,|\rho|)$.

6.4  Maximal  Communication  Efficiency  of  NIP 

Consider  the  following  approach  for  comparing  the  communication  efficiency  of 
different  ck-informative  protocols.  Compare  the  total  number  of  bits  transmitted 
by  the  processors  that  are  healthy  in  segments  of  two  such  protocols  sharing  some 
basic  properties,  such  as  identical  CA  and  INPUT. 
Unfortunately, this measure is inappropriate; in fact, for every given run
(T2  =  {nJ,Q.O,iyPUT,CA,AD\')  of  a  ck-iiiformative  protocol  Q.  there  ex¬ 
ists  a  ck-informative  protocol  /  and  an  adversary  AD\''  such  that  in  the  run 

(7f  =  {iiA,  7 ,0 ,  ly  PUTyCA,  ADV')  each  processor  that  is  healthy  at  a  round 

transmits at most a single bit to every other processor, and each such processor
conveys precisely the same atoms as the corresponding processor at the same round
in $\sigma_Q$. We construct the protocol $\mathcal{F}$ as follows: Say that p conveys to q at l in $\sigma_Q$
the set of atoms $\mathcal{E}$. We build $\mathcal{F}$ so that p conveys $\mathcal{E}$ to q at l iff p transmits to q
at l the bit 1. The construction of $\sigma_{\mathcal{F}}$ is clear. Thus, the communication efficiency
of protocols can only be measured in some weaker sense.

For introducing our notion of communication efficiency we need the following
definition. Let

$a = (p_{i_1} \to \cdots \to p_{i_k}, \alpha)$.

The $\infty$-length of a in the run $\sigma$, $|a|_\infty$, is $\max\{|a|, 1\}$ if $p_{i_k}$ does not convey any
actual lie with chain $p_{i_1} \to \cdots \to p_{i_k}$ at k in $\sigma$, and otherwise, it is $\max |b|$, for
atoms b with chain $p_{i_1} \to \cdots \to p_{i_k}$ that $p_{i_k}$ conveys at k in $\sigma$.

A ck-informative protocol $\mathcal{CE}$ is Communication Efficient if for every run $\sigma$
of $\mathcal{CE}$, and for every other ck-informative protocol $\mathcal{F}$, there exists a run $\rho$ of $\mathcal{F}$
satisfying the following properties: First, the parameters n, t and CA are identical
in $\sigma$ and $\rho$. Second, the INPUTs in $\rho$ are no longer than the corresponding
INPUTs in $\sigma$. Third, for every actual lie that is conveyed in $\rho$ there exists a
comparable actual lie in $\sigma$. This means that there exists a one-to-one function
mapping each actual lie $(ch,\alpha)$ in $\rho$ into an actual lie $(ch,\beta)$ in $\sigma$ so that

$|(ch,\beta)|_\infty > |(ch,\alpha)|$.

Finally, for every l, fewer bits are transmitted by the processors that are healthy
in $SEG[\sigma](l)$ than by the processors that are healthy in $SEG[\rho](l)$, up to a
multiplicative factor of size polynomial in n and t. The intuition here is that since
exponentially (in n and t) many bits are often transmitted in runs of ck-informative
protocols, the polynomial factor is quite insignificant. Moreover, this polynomial
factor will allow us to establish worst case exponential lower bounds on the number
of bits that processors transmit when they are healthy in runs of ck-informative
protocols.

We now formalize this intuition. Let the Communication Complexity function
of $SEG[\rho](l)$, $CC[\rho](l)$, be the number of bits transmitted by the processors that
are healthy from round 1 to round l inclusive in $\rho$.

Let Q and $\mathcal{F}$ be two ck-informative protocols. Given a run $\sigma$ of Q, let the runs
of $\mathcal{F}$ dominated by $\sigma$, $DOM(\mathcal{F},\sigma)$, be the set of runs $\rho$ of $\mathcal{F}$, so that n, t and CA
in $\sigma$ and $\rho$ coincide,


l(Ag,/.VPC^r[a](9,/:))|oo  >  |(-  qjyPUT[p\{q.k))\ 

for all processors q and 0 < k < l, and there exists a one-to-one function mapping
each actual lie $(ch,\alpha)$ in $\rho$ into an actual lie $(ch,\beta)$ in $\sigma$ so that
$|(ch,\beta)|_\infty > |(ch,\alpha)|$. Notice that the parameters generating $DOM(\mathcal{F},\sigma)$ are
relatively short INPUTs and severely restricted adversaries.

Definition 6 A ck-informative protocol $\mathcal{CE}$ is communication efficient if for some
$p(n,t) = poly(n,t)$, independent of the number of actual lies performed in the
network, for every run $\sigma$ of $\mathcal{CE}$, ck-informative protocol $\mathcal{F}$ and round l:

$CC[\sigma](l) < p(n,t) \max_{\rho \in DOM(\mathcal{F},\sigma)} CC[\rho](l)$.

We  state  now  the  main  result  of  this  section: 

Theorem  3  NIP  is  a  communication  efficient  ck-informative  protocol. 

We encourage the reader to develop other notions of communication efficiency,
and to prove that NIP satisfies them. Notice that NIP provides an interesting
O(actual lies) simulation of the classical FV.

7  The  Complexity  of  ck-informative  Protocols 

In  this  section  we  present  a  lower  bound  on  the  number  of  bits  that  are  transmitted 
by  the  processors  that  are  healthy  in  runs  of  ck-informative  protocols  in  terms  of 
the  parameter  t. 

Theorem 4 For every n and t and for every ck-informative protocol with these
parameters, there exists a run $\rho$ of that protocol with $|\rho| = 1$ in which some processor
transmits at least $c^t$ bits at a round in which it is healthy, for c > 1.

7.1  The  Complexity  of  Simultaneous  Byzantine  Agreement 

The lower bounds presented above extend to the problem of Simultaneous Byzantine
Agreement, SBA (cf. [DM]). Motivated by our notion of a ck-informative
protocol, we say that a protocol $\mathcal{F}$ is sba-informative if, roughly speaking, the
correct processors transmit sufficient information so that if SBA could be achieved at
a round using some other protocol functions corresponding to that round, then it
would also be achieved using $\mathcal{F}$.

Definition 7 A protocol $\mathcal{F} = \{f(p,l)\}$ is sba-informative if the following holds for

w-(pj) 

any  run  p  of  that  protocol:  Let  p  satisfy  p  p,  and  assume  that  SBA  is 

attained at l in $\rho'$. Then SBA is also attained at l in $\rho''$, where $\rho''$ differs from $\rho'$
only in that p transmits at l in $\rho''$ according to $f(p,l)$.

Refining the methods above we can prove the following worst case exponential
lower bound for this type of SBA, which we call Eager SBA.

Theorem 5 For every n and t and for every sba-informative protocol with these
parameters, there exists a run of that protocol in which some processor transmits
at least $c^t$ bits at a round in which it is healthy, for c > 1.
A  The  Code  for  NIP

In this section we present a fairly precise description of NIP. We first introduce
the notations that we use in the code for NIP. Next we develop the procedures
whereby the healthy processor p at round l maintains and updates its knowledge
data structure, which we denote by $NK(p,l)$. Finally, we present a program that
generates the messages that p transmits at round $l+1$ in runs of NIP, provided
that it is healthy there. The crucial component of that program is, as expected,
$NK(p,l)$.

A.1  Notations

In order to simplify our presentation we need some notations and conventions.

We adopt a PASCAL-like programming style. Procedure names are written
in capital sans serif style, e.g., UPDATE_NK(p,l). Names of arrays are written in
capital slanted style such as LB(q,p,l). Labels are written in capital bold style,
e.g. CHECK, and comments are written in typewriter style.

And now some notations: $M(q,r,l-1 \mid M(r,p,l))$ denotes the message that q
transmitted to r at $l-1$ as conveyed by r to p at l. Similarly, $M(q,r,l \mid M(q,p,l))$
denotes the unique message that q should have transmitted to r at l had it been
healthy there and had it transmitted $M(q,p,l)$ to p (recall that NIP is weakly
information symmetric).

$ST(s,r,l-2 \mid M(q,p,l))$ denotes the subtree derived from $M(q,p,l)$ (in fact
from the transmission tree that it denotes), by following the path starting at the
root (labelled q) going through its son labelled r and reaching the son of r labelled
s. Now $ST(s,r,l-2 \mid M(q,p,l))$ is the subtree rooted at s.

Similarly, $PRUNE(r,q,l-1 \mid LB(q,p,l))$ denotes the subtree derived from
$LB(q,p,l)$ by first following the path starting at the root (labelled q) and ending
at its son labelled r. Then $PRUNE(r,q,l-1 \mid LB(q,p,l))$ is the tree resulting
from $LB(q,p,l)$ after pruning the subtree rooted at r.

A.2  The  PIVOT

In section 6.2 we introduced the second principle of NIP, namely, that each processor
transmits only new information when it is healthy. To this end we introduced
the PIVOT message.

Let p be healthy at l in a run of NIP, and let q be a processor that transmits a
non-empty message to p at l so that p cannot determine at l that it was ill. Thus q
must have conveyed to p the message that it received from every other processor,
say r, which we denoted by $M(r,q,l-1 \mid M(q,p,l))$.

If p could not determine at $l-1$ that r was ill at $l-1$ and $M(r,p,l-1) \neq \emptyset$,
then the message that p received from r at that round is the PIVOT message of
p with respect to r at $l-1$, $PIVOT(r,p,l-1)$.

Assume now that p managed to determine either that r was ill at $l-1$ or that
the message that r transmitted to p at $l-1$ was empty. Here p will not choose
$M(r,p,l-1)$ to be the PIVOT message. Instead, it generates an imaginary
message $M'(r,p,l-1)$ as follows: First, for every $s \neq r,p$, let

$M'(s,r,l-2) = M(s,p,l-2)$

up to weak information symmetry. Now let $M'(r,p,l-1)$ be the message that r
would have transmitted at $l-1$ had it been healthy there and had it received the
messages that we just constructed. The PIVOT of p with respect to r at $l-1$ is
$M'(r,p,l-1)$.

The intuition behind the PIVOT message is as follows: p does not transmit

$M(r,q,l-1 \mid M(q,p,l))$

at $l+1$. Instead it transmits the atoms whereby $M(r,q,l-1 \mid M(q,p,l))$ differs from
$PIVOT(r,p,l-1)$. We will show in appendix A.4 how this difference is evaluated
in NIP.


A.3  The  nc-state

In section 3 we introduced a partition of P × M based on the crashing assignment
CA. We now introduce another partition based on the knowledge that a processor
has at a round in which it is healthy. More specifically, let p be healthy at l in
$\rho$. We define the following partition of P × M into five sets which we call the
nc-state(p,l):

•  $\text{nc-healthy}[\rho](p,l) = \{(q,k) \mid p \text{ knows at } l \text{ in } \rho \text{ that } q \text{ was healthy at } k\}$.
The sets $\text{nc-ill}[\rho](p,l)$ and $\text{nc-dead}[\rho](p,l)$ are defined similarly.

•  $\text{nc-pseudo-healthy}[\rho](p,l) = \{(q,k) \mid p \text{ knows at } l \text{ in } \rho \text{ that } q \text{ was either healthy or ill, but it does not know which of the two}\}$.

The set $\text{nc-pseudo-dead}[\rho](p,l)$ is defined similarly. Here the uncertainty
is between ill or dead rather than between healthy or ill.

Thus $(q,k) \in \text{nc-pseudo-healthy}[\rho](p,l)$ means that p knows at l in $\rho$ that q
was either healthy or ill at k, but it cannot determine which of the two. This can
happen in the following situation: p receives a message from q at round k, for
some k < l, from which it could not determine that q was lying at k. Moreover, it
does not receive any message from q after k, and it gets no additional information
indicating that q was ill at k.

We will find it useful to consider the following subset of $\text{nc-ill}[\rho](p,l)$:

$\text{nc-detected-ill}[\rho](p,l) = \{(q,k) \mid k < l \text{ and } (q,k) \in \text{nc-ill}[\rho](p,k)\}$.

The idea is that if $(q,k) \in \text{nc-detected-ill}[\rho](p,l)$ then it is not only true that p
knows at l in $\rho$ that q was ill at k, but it actually could determine that fact at
round k by examining the message that q transmitted to it at k.

Also, let

$\text{nc-failing}[\rho](p,l) = \text{nc-ill}[\rho](p,l) \cup \text{nc-pseudo-dead}[\rho](p,l) \cup \text{nc-dead}[\rho](p,l)$

and let

$\text{nc-known}[\rho](p,l) = \text{nc-healthy}[\rho](p,l) \cup \text{nc-dead}[\rho](p,l)$.

A.4  The  Operators  A  and  V

We introduce now the two binary operators that allow the coding and decoding
of the messages in NIP: A and V. Consider A first. Denote by $C(M_i)$ the set of
atoms conveyed through $M_i$, for i = 1,2. Then, $M_1\ A\ M_2$ is basically an efficient
encoding of $C(M_1) \setminus C(M_2)$.

These operators might be better understood by considering a simplification of
the problem. Assume for the moment that each message transmitted in NIP is
really a set of atoms instead of a transmission tree. Consider the following two
messages:

$M_1 = \{(ch_1,\alpha_1), (ch_2,\alpha_2), (ch_3,\alpha_3)\}$

$M_2 = \{(ch_1,\alpha_1), (ch_2,\beta_2), (ch_3,\alpha_3), (ch_4,\beta_4)\}$

where $ch_i$, $i = 1,\ldots,4$, denote different chains and $\alpha_i$, $i = 1,\ldots,4$, and $\beta_i$, $i = 2,4$,
denote distinct values for content. In this example

$M_1\ A\ M_2 = \{(ch_2,\alpha_2), (ch_4,\alpha_4)\}$

where $\alpha_4$ is the content corresponding to $ch_4$ as conveyed by the processor that
transmitted $M_1$. Roughly speaking, the effect of A is to discard from its first
operand each atom that also appears in its second operand (hence, it is not
symmetric). Further, an atom that appears in the second operand carrying a chain ch
that is missing from the first operand will appear in $M_1\ A\ M_2$ as an atom carrying
both ch and the corresponding content, which was conveyed by the processor that
transmitted the first operand.

More specifically, let $p_{i_k}$ be healthy at l in a run of NIP, and let $p_{i_{k-1}}$ satisfy
$(p_{i_{k-1}}, l-1) \in \text{nc-pseudo-healthy}(p_{i_k}, l-1)$. Assume that $p_{i_k}$ did not know at $l-1$
either that $p_{i_{k-2}}$ was healthy at $l-2$ or that it was dead there, i.e.,
$(p_{i_{k-2}}, l-2) \notin \text{nc-known}(p_{i_k}, l-1)$.

We now construct the tree

$DIF = M(p_{i_{k-2}}, p_{i_{k-1}}, l-2 \mid M(p_{i_{k-1}}, p_{i_k}, l-1))\ A\ PIVOT(p_{i_{k-2}}, p_{i_k}, l-2)$

by examining the following cases.

Assume first that $M(p_{i_{k-2}}, p_{i_k}, l-2) \neq \emptyset$ and $p_{i_k}$ did not detect at $l-2$ that
$p_{i_{k-2}}$ was ill. If $p_{i_{k-1}}$ conveys to $p_{i_k}$ at $l-1$ that $M(p_{i_{k-2}}, p_{i_{k-1}}, l-2) = \emptyset$, then

$DIF = (p_{i_{k-2}} \to p_{i_{k-1}} \to p_{i_k}, \emptyset)$.

If $M(p_{i_{k-2}}, p_{i_k}, l-2) = \emptyset$ and $p_{i_{k-1}}$ conveys to $p_{i_k}$ at $l-1$ that
$M(p_{i_{k-2}}, p_{i_{k-1}}, l-2) = \emptyset$, then

$DIF = \emptyset$.

Here $M(p_{i_{k-2}}, p_{i_{k-1}}, l-2 \mid M(p_{i_{k-1}}, p_{i_k}, l-1)) = \emptyset$ is implicit in $p_{i_k}$'s transmission at
l. Notice that if

-  1))  =  PIVOT{pi^_^^,p,^J  -  2), 


then  DIF  —  (Pi^_2  — "  Pi*_i  Pi*»=)-  The  case  where  p,\_,  conveys  to  p^  at 
I  -  1  that  it  detected  that  p.^.^  was  ill  at  I  —  2  is  treated  similarly. 

Assume  now  that  Pi^_j  neither  conveyed  to  p^  at  /  -  1  that 

‘’^■^(P<*-2 -  2)  =  0 

nor  detected  that  Pi^_^  was  ill  at  /  —  2.  Here,  we  construct  DIF  as  follows.  First, 
let 

a  =  INPUT(pi,_„l  -  3!A/(p.,_,,p.,,/  -  1)) 
a'  =  INPUT{pi^_^^J  -3\PD''OT{p,^_^_,p„J  -2)). 

Then  the  atom 

{Pu_2  —  P.*-,  -  P.\-«> 
is  included  in  DIF  iff  a  ^  a' . 


Second,  consider  the  atom 


«  =  (P., 


Pu_2  -  1)). 


If  for  no  1  </<  A;  -  2  is  the  atom 

«/  =  {Pi, 


conveyed  in  Pr\,'OT{pi^_^,pii^J  -  2),  where  i  =  0  or  J  =  “detected  ill",  then  let 

be  the  corresponding  atom  conveyed  in  PI\'OT{pii^_^,pi^J  —  2).  In  this  case  the 
atom 

(P.,  —  —  P.*_,  P.*,a) 

is  included  in  DIF  iff  a  a'.  If,  on  the  other  hand,  a/  is  conveyed  in 

PI\'OT(p,^_^,p,^J  -2) 

for  some  /,  then  a  is  included  in  D/f  regardless  of  its  content. 

The  case  where 

(P.,  -  ...  -  Pu-.>^')ePA'or(p.*_,,p.,./-2) 
but  p,|,_^  conveys 

(p,l  ...  '  Pik-2  ’P'k-l'*^) 

to  Pn  at  /  —  1,  with  Q  /  q',  is  treated  similarly. 

Having  completed  the  operations  above,  we  delete  redundant  information  from 
DIF.  For  every  atom 


a  =  (p.,  —  ...  —  P.* .q)  €  DIF 


no  atom  of  the  form 


(P..  —  5  —  P., 


Pn  ■  l) 


should  be  in  DIF. 

The operator V is roughly the inverse of A. If $M_3$ denotes $M_1\ A\ M_2$, then
$M_1 = M_3\ V\ M_2$.

The effect of A and V on transmission trees instead of on sets of atoms is
now self-explanatory. Further, the time and space that these operators require
when applied to transmission trees is linear in the sizes of the first and the second
operands, up to multiplicative factors of polynomial size in n. The key idea is again
a proper choice of the data structure. Every transmission tree will be represented
as an n-ary tree, where each node may be connected to at most $n-1$ other
nodes representing the other $n-1$ processors, and to a special node carrying the
content corresponding to the chain defined by the path from the root to that
node. We represent each such node by a vector of size n containing pointers to
its sons. Locating a pointer to a son involves only $O(\log n)$ time. Executing A
involves visiting nodes in the transmission tree of the first operand in, e.g., depth
first search order, and adding or deleting pointers in some nodes according to the
second operand and the data structure described below.
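The set-of-atoms simplification above, and the "transmit only differences" principle of section 6.2, can be exercised directly. The following is an added example, not code from the paper: the function names, the `ABSENT` marker used for "the sender conveyed nothing for this chain", and the treatment of weak information symmetry as plain equality are all assumptions of this sketch, and the sample messages are constructed.

```python
"""Set-of-atoms model of the two coding operators (written A and V in the text).

A message is a dict {chain: content}. Constructed illustration only; the
paper's routines operate on transmission trees, not on dicts.
"""

ABSENT = "<absent>"  # assumed marker: the sender conveyed nothing for a chain


def diff_against(first, second):
    """`first A second`: the atoms of `first` that `second` does not already hold.

    A chain that occurs only in `second` is emitted with the content that the
    sender of `first` conveyed for it, which in this model is ABSENT.
    """
    out = {ch: c for ch, c in first.items() if second.get(ch, ABSENT) != c}
    out.update({ch: ABSENT for ch in second if ch not in first})
    return out


def rebuild(difference, second):
    """`difference V second`: recover `first` from the difference and `second`."""
    first = dict(second)
    for ch, content in difference.items():
        if content == ABSENT:
            first.pop(ch, None)      # the sender of `first` had no such atom
        else:
            first[ch] = content      # new or overriding atom
    return first


def page_example():
    """M1 and M2 from the text, with a_i / b_i standing for alpha_i / beta_i."""
    m1 = {"ch1": "a1", "ch2": "a2", "ch3": "a3"}
    m2 = {"ch1": "a1", "ch2": "b2", "ch3": "a3", "ch4": "b4"}
    return m1, m2, diff_against(m1, m2)


def relay(reported_by_q, pivot):
    """What p puts on the wire at l+1 about r, and what a receiver that already
    holds the PIVOT (what r sent to p at l-1) decodes from it."""
    on_wire = diff_against(reported_by_q, pivot)
    return on_wire, rebuild(on_wire, pivot)


def lies_told(sent_to_p, sent_to_q):
    """Chains on which r told p and q different things."""
    chains = set(sent_to_p) | set(sent_to_q)
    return {ch for ch in chains
            if sent_to_p.get(ch, ABSENT) != sent_to_q.get(ch, ABSENT)}


# Constructed sample: r's message at l-1, as received by p (the PIVOT).
HONEST = {("s1", "r"): "v1", ("s2", "r"): "v2", ("s3", "r"): "v3"}
# An ill r tells q a different value for s2 and withholds the s3 atom.
TO_Q_WHEN_ILL = {("s1", "r"): "v1", ("s2", "r"): "forged"}


def demo():
    quiet, _ = relay(dict(HONEST), HONEST)          # r healthy: nothing to send
    noisy, decoded = relay(TO_Q_WHEN_ILL, HONEST)   # r ill: one atom per lie
    return quiet, noisy, decoded


if __name__ == "__main__":
    quiet, noisy, decoded = demo()
    print("healthy r ->", quiet)
    print("ill r     ->", noisy)
    print("decoded   ->", decoded)
```

With a healthy r the difference is empty, so p spends no atoms relaying q's report; with an ill r the transmitted atoms are exactly the chains on which r's two messages disagree.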

A.5  The  Data  Structure

The data structure that each processor p that is healthy at a round l uses in every
run $\rho$ of NIP is called the Necessary Knowledge Data Structure and is denoted
by $NK[\rho](p,l)$. It is an efficient data structure for encoding the knowledge of p
at round l in $\rho$, and it is especially designed for allowing swift updates as new
information flows in.

The data structure $NK[\rho](p,l)$ is a graph in which both the vertices and the
edges are labelled. Each of its vertices denotes a pair (q,k), where q is a processor
and k is a round, for $0 \le k \le l$. The vertex corresponding to (q,k) is labelled by the
$\text{nc-state}[\rho](p,l)$ of q at round k, and is denoted LB(q,k). The vertex corresponding
to (q,0) is labelled $\text{nc-healthy}[\rho](p,l)$ for all q.

There is an edge between two vertices (r,l) and (s,k) in the graph iff $r \neq s$
and $|l-k| = 1$. The label of the edge $((r,k-1),(s,k))$ is denoted by $LB(r,s,k)$.

If p knew at l that r was healthy at k, then $LB(r,p,l)$ would only carry
$INPUT(r,k)$. Otherwise, $LB(r,p,k)$ carries only that part of the new information
that r conveyed to p at k that p can trust at l only if p knew at l that r was healthy
at k.

For $s \neq p$, $LB(r,s,k)$ is undefined unless p knows at l that s was healthy at
In that case $LB(r,s,k)$ carries the new information that s conveyed to p at $k+1$
about $M(r,s,k)$, that is, the difference between $M(r,s,k)$ and $PIVOT(r,p,k)$.

A.6  The  Procedure  for  Updating  NK

Processor p inductively constructs $NK[\rho](p,l)$ from both $NK[\rho](p,l-1)$ and the
messages it receives at round l as follows:

Base (l = 1): For every (q,0), $LB(q,p,1) \leftarrow M(q,p,1)$. All the other edges in
$NK[\rho](p,1)$ are not labelled.

Step: Assume inductively that $NK(p,l-1)$ was already built. Construct
$NK(p,l)$ by invoking the routine UPDATE_NK(p,l) that is described below.

This routine performs three basic tasks: First, for every q so that $M(q,p,l) \neq \emptyset$,
p trusts the information that q conveyed to p at $l-1$. Next, for every q so that
$M(q,p,l) \neq \emptyset$, p examines the consistency of the message that q transmits to it at
l. Finally, for every processor q so that either $(q,l-1) \in \text{nc-pseudo-healthy}(p,l)$
or $(q,l-1) \in \text{nc-pseudo-dead}(p,l)$, p checks if there are enough witnesses to prove
that q was in fact ill at $l-1$.

Procedure UPDATE_NK(p,l)

: This procedure constructs NK(p,l) based on NK(p,l-1) and on
: the messages that p receives at round l.

For every (q,k), k < l

LB(q,k) in NK(p,l) ← LB(q,k) in NK(p,l-1).

: For every q so that M(q,p,l) ≠ ∅, trust the information
: that q conveyed at l-1.

For every q satisfying M(q,p,l) ≠ ∅
TRUST(q,l-1)

: For every q so that M(q,p,l) ≠ ∅, examine the consistency
: of the message M(q,p,l).

For every q satisfying M(q,p,l) ≠ ∅
EXAMINE(q,p,l)

: For every q so that either (q,l-1) ∈ nc-pseudo-healthy(p,l) or
: (q,l-1) ∈ nc-pseudo-dead(p,l), check if there are enough
: witnesses to prove that q was ill at l-1.

For every q s.t. LB(q,l-1) = nc-pseudo-healthy(p,l)

If CHECK_ILL(q,p,l) then LB(q,l-1) ← nc-ill(p,l)
For every q s.t. LB(q,l-1) = nc-pseudo-dead(p,l-1)

If CHECK_ILL(q,p,l) then
LB(q,l-1) ← nc-ill(p,l).

TRUST(q,l-2).

RETURN


Routine TRUST(q,k)

: This procedure adopts the information transmitted by (q,k).

If LB(q,k) = nc-healthy(p,l) then RETURN
Else

LB(q,k) ← nc-healthy(p,l)

For every son r of LB(q,p,k)'s root

LB(r,q,k-1) ← ST(r,q,k-1 | LB(q,p,k))

If LB(r,q,k-1) ≠ ∅ then
If LB(r,k-1) = nc-pseudo-healthy(p,l) then
LB(r,k-1) ← nc-ill(p,l)

If LB(r,k-1) = nc-pseudo-dead(p,l) then
LB(r,k-1) ← nc-ill(p,l)

TRUST(r,k-2)

For every r s.t. LB(r,k+1) = nc-pseudo-healthy(p,l)

If r lied about M(q,r,k) at k+1, i.e., ST(q,r,k | LB(r,p,k+1)) ≠ ∅,
then LB(r,k+1) ← nc-ill(p,l)

LB(q,p,k) ← INPUT(q,k)

RETURN


Routine CHECK_ILL(q,p,l)

; This procedure checks whether there are sufficient witnesses
; for letting LB(q,l−1) be nc-ill(p,l) instead of either
; nc-pseudo-healthy(p,l) or nc-pseudo-dead(p,l).

Let FAIL = |nc-failing(p,l)|.

If there are more than t − FAIL processors r, r ≠ p, r ≠ q,
s.t. M(q,r,l−1 | M(r,p,l)) ≠ M(q,r,l−1 | M(q,p,l−1)),
i.e. ST(q,r,l−1 | LB(r,p,l)) ≠ ∅
then RETURN(TRUE)
else RETURN(FALSE)
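
The witness threshold of CHECK_ILL, as an added Python sketch that is not part of the paper: it models every message as an opaque byte string, assumes that a correct q sends the same value to every recipient, and ignores relays from processors already counted in nc-failing(p,l); all function and variable names are hypothetical. The exhaustive check shows why the bound is "more than t − FAIL": that many not yet exposed faulty relays cannot make p label a correct q ill, while one further contradicting relay must come from a correct processor.

```python
from itertools import combinations


def check_ill(p, q, direct, relays, t, known_failing):
    """Simplified CHECK_ILL(q,p,l): True if enough witnesses contradict q.

    direct        -- q's round l-1 message as p holds it (stands in for M(q,p,l-1))
    relays        -- {r: value r reports at round l as received from q at l-1}
    known_failing -- stands in for nc-failing(p,l); FAIL is its size
    """
    fail = len(known_failing)
    witnesses = [
        r for r, claimed in relays.items()
        if r not in (p, q)
        and r not in known_failing      # assumption of this model
        and claimed != direct
    ]
    return len(witnesses) > t - fail    # strict: "more than t - FAIL"


def relays_to_p(procs, p, q, sent_by_q, faulty, forged=b"forged"):
    """What each r != p, q reports to p: the truth if r is correct, else a forgery."""
    return {
        r: (forged if r in faulty else sent_by_q[r])
        for r in procs if r not in (p, q)
    }


def correct_q_never_marked_ill(procs, p, q, t, known_failing):
    """Try every fault set of size <= t that contains known_failing and spares p, q."""
    sent = {r: b"v" for r in procs}               # correct q: same value to all
    hidden = [r for r in procs if r not in (p, q) and r not in known_failing]
    budget = t - len(known_failing)               # faults p has not yet exposed
    for k in range(budget + 1):
        for extra in combinations(hidden, k):
            faulty = set(known_failing) | set(extra)
            relays = relays_to_p(procs, p, q, sent, faulty)
            if check_ill(p, q, sent[p], relays, t, known_failing):
                return False
    return True


# Constructed scenario: n = 7 processors, t = 2, p already knows g is failing.
PROCS = list("abcdefg")
P, Q, T, KNOWN = "a", "b", 2, {"g"}


def equivocation_detected(split):
    """A faulty q sends b"w" to the processors in `split` and b"v" to everyone else."""
    sent = {r: (b"w" if r in split else b"v") for r in PROCS}
    relays = relays_to_p(PROCS, P, Q, sent, faulty=KNOWN)
    return check_ill(P, Q, sent[P], relays, T, KNOWN)


if __name__ == "__main__":
    print(correct_q_never_marked_ill(PROCS, P, Q, T, KNOWN))
    print(equivocation_detected({"c"}), equivocation_detected({"c", "d"}))
```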


Routine EXAMINE(q,p,l)

; Examine the consistency of M(q,p,l) by showing that for every r
; at l − 1, q conveyed at l consistent information about that r.
; Thereafter, set both LB(q,l) and LB(q,p,l).

Check the syntax of the message
LB(q,p,l) ← M(q,p,l)

For every r, r ≠ q, r ≠ p
    CASE
    LB(r,l−1) = nc-healthy(p,l):
        If M(r,q,l−1 | M(q,p,l)) = M(r,q,l−1 | M(r,p,l−1))
        then LB(q,p,l) ← PRUNE(r,q,l−1 | LB(q,p,l))
        Else DETECT_ILL(q,p,l); RETURN
    LB(r,l−1) = nc-dead(p,l):
        If M(r,q,l−1 | M(q,p,l)) = ∅
        then LB(q,p,l) ← PRUNE(r,q,l−1 | LB(q,p,l))
        Else DETECT_ILL(q,p,l); RETURN
    Else,
        If ¬NEW_INFORMATION(r,q,p,l)
        then DETECT_ILL(q,p,l); RETURN
        TREE ← ST(r,q,l−1 | LB(q,p,l))
        If ¬CONSISTENT(r,l−2,TREE)
        then DETECT_ILL(q,p,l); RETURN
    ENDCASE

SET_LABEL(q,p,l)

LB(q,l) ← nc-pseudo-healthy(p,l)

RETURN

Routine NEW_INFORMATION(r,q,p,l)

; Check that q conveyed to p at l only new information about r.

For every atom (... → q, α) ∈ M(q,p,l)
    Let (... → s → q, β) be the corresponding atom in RV(q,l−2)
    If α = β then RETURN(FALSE)

; Check that atoms carrying ∅ content were conveyed only when
; really needed.

For  every  (p,,  p^  q,<d)  G  M(q,p,l).  where  p^  =  r 

{Pii  s  —  p„  —  . .  .  (7,a)  €  M(q,pJ) 

then  RETURN(FALSE) 

RETURN(TRUE) 

Routine CONSISTENT(r,k,TREE)

; Check the consistency of the information that r claimed to have
; received at k, assuming that the information conveyed in TREE
; is reliable. Notice that the root of TREE is labelled r.

; Find the nc-known(r,k|TREE) processors at k − 1 based on
; RV(r,k−1) and assuming the information in TREE.

For every s satisfying M(s,r,k|TREE) ≠ ∅
    If (s,k−1) ∈ nc-pseudo-healthy(r,k−1)
    then TRUST(s,k−1)
    else RETURN(FALSE)

; Check the consistency of the messages that r received at k.

; First check that if (w,k−1) ∈ nc-known(r,k|TREE) then there
; is no chain in TREE of the form ... → w → s → r.

CHECK:
For every (w,k−1) ∈ nc-known(r,k|TREE)
    If a son of TREE's root has a son labelled w
    then RETURN(FALSE)

; Next check that processor r checked at k the consistency of
; the message that it received from every son s of TREE's root.

For every son s of TREE's root
    NEW_TREE ← ST(s,r,k|TREE)
    If ¬CONSISTENT(s,k−1,NEW_TREE) then RETURN(FALSE)
RETURN(TRUE)


Routine DETECT_ILL(q,p,l)
LB(q,l) ← "detected ill"
LB(q,p,l) ← "detected ill"
RETURN


Routine SET_LABEL(q,p,l)

Create LB(q,p,l) by first constructing a single node tree, with root u labelled q.
Next, append a son to that node with label INPUT(q,l | M(q,p,l)).

Finally, for every r, r ≠ p and r ≠ q, s.t. LB(r,l−1) is neither nc-healthy(p,l)
nor nc-dead(p,l), append the root of the tree

M(r,q,l−1 | M(q,p,l)) ∧ PIVOT(r,p,l−1)

to u. This tree can be computed efficiently using the formula in section A.8.
RETURN


A.7 The Transmission Procedure


The transmission procedure for processor p at round l + 1 in a run of NIP involves
two steps: First, p constructs the data structure NK(p,l) by updating NK(p,l − 1)
according to the messages that it received at round l. Next, for every s such that
LB(s,l) is either nc-pseudo-healthy(p,l) or nc-detected-ill(p,l), it merges the labels
{LB(q,p,l)}, q ≠ p,s, thereby creating the transmission tree TT(p,s,l + 1). If, on the
other hand, p has seen t faulty processors by the end of round l, it knows that all
the transmitting processors were healthy. Thus the only information it transmits
at l + 1 is its INPUT. The transmission procedure follows.

Procedure NIP_MESSAGES(p,l+1)

; This procedure generates p's transmission at l + 1.

UPDATE_NK(p,l)

For every s
    If LB(s,l) = nc-pseudo-healthy(p,l) then TRANSMIT(p,s,l+1)
    If LB(s,l) = nc-healthy(p,l) then TT(p,s,l+1) ← INPUT(p,l)

RETURN

Procedure TRANSMIT(p,s,l+1)

; This procedure generates M(p,s,l+1).

Create TT(p,s,l+1) by first constructing a single node tree, with root u
labelled p. Next, append a son to that node with label INPUT(p,l).

Now, for every r, r ≠ p and r ≠ s, make the root of LB(r,p,l)
a son of u.

RETURN

A.8 Routine SET_LABEL

In this section we indicate roughly how to evaluate the tree LB(q,p,l) used in
routine SET_LABEL. Notice first that

ST(s,r,l−2 | LB(q,p,l)) = M(s,r,l−2 | M(q,p,l)) ∧ M(s,r,l−2 | M(r,p,l−1)).

We consider the two terms on the right hand side.

By definition,

M(s,r,l−2 | M(q,p,l)) = ST(s,r,l−2 | M(q,p,l)) ∨ PIVOT(s,q,l−2 | M(q,p,l−1)).

Assume for the moment that

PIVOT(s,q,l−2 | M(q,p,l−1)) = M(s,q,l−2).

The case where the two terms above are different is treated similarly.
Recall that

M(s,q,l−2) = LB(s,q,l−2) ∨ PIVOT(s,p,l−2),

and using the associativity of ∨,

M(s,r,l−2 | M(q,p,l)) = (ST(s,r,l−2 | M(q,p,l)) ∨ LB(s,q,l−2)) ∨ PIVOT(s,p,l−2).

M(s,r,l−2 | M(r,p,l−1)) = ST(s,r,l−2 | LB(r,p,l−1)) ∨ PIVOT(s,p,l−2).

But we have the following relation,

(M1 ∨ M) ∧ (M2 ∨ M) = M1 ∧ M2,

thus,

ST(s,r,l−2 | LB(q,p,l)) = (ST(s,r,l−2 | M(q,p,l)) ∨ LB(s,q,l−2)) ∧ ST(s,r,l−2 | LB(r,p,l−1)).

The time and space used in evaluating this formula is estimated in the proof
of lemma 13 in appendix E.2.

B  The  Consistency  Test  in  NIP 

In this section we prove that the consistency test of messages performed in NIP is
as effective as the most general consistency test. More specifically, let p be healthy
at l in a run of NIP. Suppose that p tries to determine whether q was ill at l by
examining the message that q transmitted to it at l. It is fairly simple for p to
check whether q forwarded correctly the messages that q received at l − 1 from
each r, so that p knows at l that r was either healthy or dead at l − 1. When p
does not know at l that r was either healthy or dead at l − 1, then the only facts
that p may and will check are that q transmitted only new information about r
and that q checked at l − 1 the reliability of the message that r transmitted to it.

In lemma 2 we prove that p need only check that q checked the consistency of
the new information that q conveyed to p at l about r. To this end consider an
Extended New Information Protocol called ENIP. The routines that define ENIP
are identical to the routines of NIP with one exception: In ENIP the routine
CONSISTENT checks all the atoms that are conveyed instead of checking just the
new information.

Here is the routine CONSISTENT used in ENIP:


Routine CONSISTENT(r,k,TREE)

; This is routine CONSISTENT in ENIP.

; Check the consistency of the information that r claimed to have
; received at k, assuming that the information conveyed through
; TREE is correct.

; Find the nc-known(r,k|TREE) processors at k − 1 based on
; RV(r,k−1) and assuming the information in TREE.

For every s satisfying M(s,r,k|TREE) ≠ ∅
    If (s,k−1) ∈ nc-pseudo-healthy(r,k−1)
    then TRUST(s,k−1)
    else RETURN(FALSE)

; Check the consistency of the messages that r received at k.
; First check that if (w,k−1) ∈ nc-known(r,k|TREE), then no
; atom of the form (... → w → s → r, α) was conveyed by s to
; r through M(s,r,k|TREE) that is inconsistent with
; (w,k−1) ∈ nc-known(r,k|TREE).

; In NIP the following test is performed instead:
;     If a son of TREE's root has a son labelled w
;     then RETURN(FALSE).

CHECK:
For every (w,k−1) ∈ nc-known(r,k|TREE)
    If some s conveyed to r at k an atom of the form
    (... → w → s → r, α) through M(s,r,k|TREE)
    that is inconsistent with (w,k−1) ∈ nc-known(r,k|TREE)
    then RETURN(FALSE)

; Next check that processor r checked at k the consistency
; of all the messages that it received.

; In NIP the following "for" statement is performed instead:
;     For every son s of TREE's root

For every s
    NEW_TREE ← ST(s,r,k|TREE)
    If ¬CONSISTENT(s,k−1,NEW_TREE) then RETURN(FALSE)
RETURN(TRUE)


In lemma 2 we state that this strong consistency check is no more effective
than the consistency check in NIP. In fact, p detects at l that q is ill at l in ENIP
iff it does so in NIP.


Lemma 2 For given INPUT, CA and appropriate ADV, let p and be runs
of NIP and ENIP with these parameters. Then EXI/'': = Zr.Vl;/).

Proof: We abbreviate CONSISTENT and TREE by CN and TR.

We prove by induction on the round number l that all processors transmit
exactly the same messages in the two runs.

Base l = 1: The routine CN is never invoked.

Inductive step: Assume that the processors transmit exactly the same messages
up to and including round l in both runs. We now prove that they will also transmit
the same messages at l + 1.

This claim is trivial for ill processors at l + 1 as well as for dead processors
there. We are therefore left with the healthy processors at l + 1. For every such
healthy processor at l + 1 we must show that at l that processor had precisely the
same reduced view in p and in .

Let be such a healthy processor at l + 1, and assume that processor

transmits to , at l. If was either healthy or dead, there are no problems.
The case that does require careful examination is when is ill at l. In fact
we  must  show  that  {p,^J)  €  nc-detected-ill[p](pn^, . /)  iff  (Pn-/)  6  nc-detected- 

The "if" case is trivial. We concentrate therefore on the "only if" part. We
prove the following slightly involved claim by induction on the depth of the
recursive invocation to CN.

1. For every depth j sequence of recursive invocations to CN with parameters

-  2,Ti?fc_i),{p,q_2,f  -  3,TRk-2) . (Pi*_,  X  -  j  -  l.TRk-j) 

in  p  there  exists  exactly  the  same  sequence  in  . 

2.  CN(p,q_^,/  -  j  -  l,TRic-j)  returns  FALSE  in  p  at  step  CHECK  iff 
CN(pn_^,/  -  j  -  l,TRk-j)  does  in  p^. 

3. If there exists a depth j sequence of recursive invocations to CN with
parameters 

-  2,r/?t_i),(p,q_2,/  -  3,TRk-2) . -  j  -  l^TRk-j) 

in p^, and if there is no such sequence in p, then CN(p,q_^ S — j — l.T Rk-j)
returns  TRUE  in  p^ . 


We  now  present  the  proof  of  the  inductive  hypothesis. 

Base j = 0: NIP and ENIP are identical before invoking CN.

Inductive  step:  We  proceed  to  prove  1,  2  and  3. 

Proof  of  1:  By  1  in  the  inductive  hypothesis,  if  there  exists  a  depth  j  -  1 
sequence  of  recursive  invocations  to  CN  in  p  then  there  exists  exactly  the  same 
sequence  in  .  By  2  in  the  inductive  hypothesis,  the  call  to  CN  at  depth  j  -  I 
in  that  sequence  in  p  returns  FALSE  at  step  CHECK  iff  it  does  so  in  p^ .  By  3 
in  the  inductive  hypothesis,  if  there  exists  a  recursive  invocation  to  CN  within  the 
depth  j  —  I  call  in  that  sequence  in  that  does  not  appear  in  p,  then  it  returns 
TRUE  in  p^ .  The  statement  now  follows  since  whenever  CN  is  recursively  called 
in  p,  it  is  also  called  in  p^ . 

Proof  of  2;  This  is  the  crux  of  the  inductive  claim.  Obviously,  if  (wj  —  j  —  2)  €. 
nc-known(pn_^ ,/  —  i  —  1)  then  CN  returns  FALSE  at  step  CHECK  in  p  when 
examining  the  atom 

/  '-t-’  \ 

(. . .  —  u-  —  s  —  p,*_^ ,  q) 

in  T Rk-j  iff  it  does  so  when  examining  the  same  chain  in  p^ . 

Problems  may  arise  therefore  only  while  examining  in  p^  some  atom 

that  does  not  appear  in  TRk-j  and  so  that  (w,l-j-2)  €  nc-known(p,n_^ ,/- j-  1). 
In  p^  this  atom  might  create  an  inconsistency,  whereas  in  p  it  is  not  checked  at 
all.  We  now  show  that  this  atom  need  not  be  checked. 

More  formally,  assume  that  in  p  the  call  to  CN  at  depth  j  did  not  return 
FALSE  at  CHECK,  whereas  in  p^  that  same  invocation  returned  FALSE.  Thus, 
for  some  w  such  that  {wj  -  j  -  2)  E  nc-known(p,j.^ ,  /  -  j  -  1)  and  for  some  s  so 
that  the  atom 

(. . .  —  u;  —  s  ^  pi,_^ ,  a) 

is  not  in  TRk-j,  this  atom  carries  new  information  to  Pn_^  at  /  —  j  —  1.  Carrying 
new  information  means  that  the  atom 

—  p,y_^ ,  3) 

satisfies  3  ^  a. 

We  show  this  to  be  impossible  by  considering  the  following  three  cases; 

Case  1:  ^\/(u;,p,^,/  -  j  -  1)  /  0  (in  both  p  and  p^). 

Then  (ir,l  -  j  —  2)  E  nc-healthy(pn , /  —  j  -  1)  and  .s  conveyed  correctly  to  /),q 
the  information  it  received  from  w.  Further,  since  the  atom 

/  i—j—\  I 
is not in TRk-j, s conveyed the same atom to and to at l − j − 1 (in

~ !))• By assumption the call to CN at depth j in p did not return
FALSE at CHECK, thus conveyed


w 


i-j-i  , 

s  Pi,.,  a) 


at  Z  —  j  —  1,  which  is  not  new  information  -  a  contradiction. 

Case  2:  -  j  —  1)  —  id  and  A/(tn,Pn_^,Z  -  j  -  1)  0. 

Since .M{w, J - j — 1) 0 and since the call to CN at depth j in p did

not  return  FALSE  at  CHECK,  then  atoms  of  the  form 


cannot  carry  new  information  to  pi*_y  -  a  contradiction. 

Case  3:  M{w,pi,^,l  -  j  —  1)  =  0  and  A'/(w,p,y_^ , Z  -  j  -  1)  =  0. 

A/(u’,Pn_^  ,Z  -  J  -  1)  =  0  implies  that  {w,l  -  j  -  2]  E  nc-dead(p,j_^  .Z  -  j  -  1). 
and  the  meaning  of  the  atom  that  makes  CN  return  FALSE  at  CHECK  in  p^ 
is  that  5  conveyed  to  p,n_^  (and  also  to  p,^)  at  Z  -  A:  -  1  that  it  received  some 
nonempty  message  from  w.  We  proceed  to  show  that  this  leads  to  a  contradiction. 

If  for  some  f  <  I  -  j  -  2,  {w,  f)  €  nc-dead(p,j_j  ,l  -  j  -  3),  then  pi^_^  conveyed 
that  fact  to  p,j  at  Z  -  y  -  2,  and  therefore  p,^  believed  it  at  Z  -  j  -  1.  Thus,  p,^ 
also  knew  at  Z  -  y  -  1  that  w  was  dead  at  Z  —  y  -  2.  Now  s  conveyed  that  same 
atom  also  to  p.^,  therefore  the  healthy  p,y  at  Z  -  y  -  1  should  also  have  discovered 
that  s  was  ill  at  Z  -  y  -  1,  which  it  did  not  -  a  contradiction. 

Otherwise,  there  is  no  such  /,  and  in  particular,  p,,.,  did  not  know  at  Z  -  y  -  3 
that  w  would  be  dead  at  Z  —  y  —  2.  Assume  next  that  Pn_^  discovered  at  Z  —  y  —  2 
that  w  was  dead  at  Z  -  y  -  2,  that  is,  {w,l  -  y  -  2)  G  nc-dead(pn_^ . Z  -  j  -  2). 
Thus  Pi^.,  discovered  only  at  Z  —  y  -  2  that  w  was  ill  at  Z  -  y  -  3.  This  could 
have  happened  only  after  invoking  the  procedure  CHECK.ILL  within  procedure 
UPDATE-NK.  It  follows  that  there  are  more  than  t  —  FAIL  messages  that  are 
different  from  M{w,p,,^_^J  -  y  -  3)  that  were  transmitted  to  Pt,_,  at  Z  -  y  -  2.  At 
least  one  of  the  processors  that  transmitted  such  a  message,  say  c.  was  healthy  at 
Z  -  y  -  2  and  also  at  Z  -  y  -  1.  Thus  p,^  knew  at  Z  -  y'  -  1  at  least  two  different 
versions  of  the  messages  that  w  transmitted  at  Z  —  y  -  3;  One  from  Pn_^  at  Z  —  y  —  2 
and  the  other  from  e  at  Z  -  y  -  2. 

Recall now that knew at Z — y — 1 that both Pn_^ and r were healthy at
Z  —  y  —  2,  therefore  it  also  must  have  known  that  w  was  ill  at  Z  -  y  -  3  and  therefore 
dead  at  Z  —  y'  -  2.  Thus  p^  should  have  detected  at  Z  -  y  -  1  that  s  was  ill  at 
I  -  j  -  1  -  a  contradiction. 




We are left with one more case: {w.l — j — 2) ^ nr-(lead(/;n_^ -I — J — Thus
Pn_, discovered only at l − j − 1 that w was ill at l − j − 3. Another look at routine
UPDATE_NK reveals that there must have been at least one call to procedure
TRUST, and therefore there must have been some r so that .1 - j — 1)

0. Thus p,j_ trusted A — j — 2) and inferred thereby that w was ill at

l − j − 3.

Recall  that  by  assumption  the  call  to  CN  at  depth  j  in  p  did  not  return  FALSE 
at  CHECK,  thus  the  atom 

(. . .  —  (U  —  s  —  .  q) 

cannot  carry  new  information  to  -  a  contradiction. 

This  completes  the  proof  of  item  2  of  the  inductive  hypothesis. 

Proof of 3: Assume there was a depth j sequence of recursive invocations to
CN  with  parameters 

-  2,ri?i_i),(p,^_j,i  -  3,rRt_2),....(p.q_^,/  -7  -  \,TRk-i) 

in p^, and that this sequence is absent from p. Thus there exists a minimal
/.  0  <  /  <  7  so  that  CN(p,q_^,Z  -  /  -  is  invoked  in  p^,  but  not  in 

p.  Therefore  CN(pj^_^^,,l  -  f,TRk-f+i)  (or  EXAMlNE(p,^ , p^^, . /)  if  /  =  0)  is 
called  in  both  runs.  Since  there  was  no  recursive  call  to  CN(p,q_^,/  -/  -  1,T Rk-f) 
in  p,  the  subtree  that  Pi\_^^,  transmitted  about  p.y,^  (in  /?V(p,^./  -  1))  was 
either empty, "detected ill" or a single node labelled p,q_^ carrying an INPUT.
The  interesting  case  is  the  third.  If  /  =  1,  then  p,q_,  and  p.^  receive  the  same 
messages  at  /  -  2  in  /?V[p^](p,^,Z  -  1),  up  to  the  weak  information  symmetry  of 
NIP. Thus, the recursive call to CN(pi\_^,Z - / - i.TRk-j) in p^ returns true iff
Pn  checks  the  consistency  of  the  messages  that  it  receives  at  /  -  2  in  p^.  But  since 
A/[p^](p,q,p,^_,,/)  0,  p,^  is  healthy  at  /  —  1  in  p^,  and  therefore  it  certainly 

checked  the  consistency  of  the  messages  that  it  received  at  Z  -  2.  The  argument 
for  /  >  1  is  similar.  Just  notice  that  p^.^  and  p^  receive  the  same  messages  at 
k~ f — 1 in R\'\p^](p,i^J — 1), up to differences due to weak information symmetry.
This completes the proof of item 3 of the inductive hypothesis. ∎


C  CK  Characterization  in  NIP 

In this section we introduce the critical round of a run ρ at a round l, which we
denote CR[ρ](l). It plays a central role in the classification of the facts that are
common knowledge at round l in the run ρ of NIP or of other protocols. Refer
to [DM] and [MT] for a similar definition in the crash and the omission models
respectively.

Let N[ρ](k) be the number of processors that fail at k in ρ. Let the segment
critical round of run ρ at round l, sg-CR[ρ](l), be the smallest round number j
such that the following threshold inequalities are satisfied:

t − N[ρ](k) > l − k for j < k < l.

The critical round of ρ at l, CR[ρ](l), is defined by:

CR[ρ](l) = min sg-CR[ρ'](l)

fi'-Lp 

Roughly speaking, the basic property of CR[ρ](l) is that the states, INPUTs
and transmissions of each processor q at k, so that k > CR[ρ](l) and q does not
fail at CR[ρ](l), are not common knowledge at l in ρ. Refer to [MT] for more
details on the relation between facts that are common knowledge at a round and
the critical round corresponding to that round.

C.1 CK Evaluation in NIP

In this section we develop a procedure that allows every processor that is healthy
at a round in a run of NIP to evaluate the critical round.

The definition of the critical round indicates that evaluating CR[ρ](l) might
involve checking all the runs in the l-similar equivalence class of ρ. Surprisingly,
each processor p that is healthy at a round l in ρ need only consider runs that
are (p,l)-equivalent to ρ for performing that evaluation. Fortunately, the data
structure NK[ρ](p,l) naturally engenders a method for calculating the critical
round at l.

The idea behind the procedure that p uses in order to evaluate the critical
round is as follows: After having assigned nc-states(p,l) to every pair (processor,
round), p assigns at l another type of state which we call the pr-state(p,l). There
are basically three different types of pr-state(p,l): pr-healthy(p,l), pr-ill(p,l) or
pr-dead(p,l). The crux of the problem is the choice of pr-state(p,l) for pairs that
are either nc-pseudo-healthy(p,l) or nc-pseudo-dead(p,l).

C.2  A  Procedure  for  Evaluating  the  CR 

The procedure that processor p uses at round l for evaluating the critical round
at l follows:

Procedure CR(l)

For every (q,k)
    (q,k)'s pr-state(p,l) ← (q,k)'s nc-state(p,l)
EVAL_CR(l)
end


Procedure EVAL_CR(k)
k ← JUMP(k)

If there exists some m so that (p_m,k) ∈ pr-pseudo-dead(p,l)
then LB(p_m,k) ← pr-ill(p,l)
     TRUST(p_m,k−1)
     EVAL_CR(k−1)
Else RETURN("CR(l) = k")


Procedure JUMP(k)

Let δ ← l − |{q | (q,k) ∈ pr-dead(p,l) ∪ pr-pseudo-dead(p,l)}|
If δ > l − k then RETURN(JUMP(l − δ))
Else RETURN(k)


This procedure for evaluating common knowledge readily generalizes to
deterministic protocols other than NIP.


D  The  Proof  of  Theorem  1 

We begin this appendix by proving the following justification of our definition of
an information symmetric protocol:


Lemma 3 The protocol 7 = {Pfp,/)} is information symmetric iff for every pair
of runs σ and σ' of 7 in which p is healthy at l, for all processors q and r,
M[σ](p,q,l) = M[σ'](p,q,l) iff M[σ](p,r,l) = M[σ'](p,r,l).


Proof: ⇒ Assume that M[σ](p,q,l) = M[σ'](p,q,l). Then

-  0)  =  -  in 

implying  that 


-1 


D)  =  (^(F, 


i-i 


F'l 

Un.i] 


(\’[cr'I(p,/  -  I)). 
Since 7 is information symmetric,


o  -  1))  =  (Ffp,,)-'  o  -  i)). 

Now,  this  implies  that 

- 1))  =  Fi^.i)iy[^']ipj  - 1)) 

and therefore M[σ](p,r,l) = M[σ'](p,r,l).

⇐ Let V[σ](p,l − 1) be a view; thus, by definition, p is healthy at l in σ. Let

V[a']{pJ  -  1)  G  o  F^^  ,^[V[a]{pJ  -  1)) 

where again p is healthy at l in σ'. Then

implying that M[σ](p,q,l) = M[σ'](p,q,l). Applying the assumption, we have
M[σ](p,r,l) = M[σ'](p,r,l), which implies in turn that

V{a'\{pJ  -  1)  €  (Ffp,,))-*  o  F(;,,)(V-H(p./  -  1)).  I 

The following lemma redefines our notion of conveying by replacing each
knowledge operator with a universal quantifier.

Lemma  4  Assume  that  p  is  healthy  at  I  in  p  and  p  \=  K^p 

(p.'-i)  (».') 

p  conveys  ‘p  to  q  at  I  in  p  iff.  for  every  p'  p  and  for  every  p"  ^  p' ,  so 

that  p  is  healthy  at  I  in  /.  P"  N 

We  proceed  now  to  prove  theorem  1  by  the  following  lemmas: 

Lemma 5 If a protocol 7 is an RCP, then 7 is ck-informative.

Proof:  Following  the  notations  of  definition  2,  let  7  =  {^(P,  /)}  be  an  R.CP.  Let 

T  11 

p  be  a  run  of  7 .  let  p  satisfy  p  ^  p,  and  let  p  be  a  basic  predicate  such 
that  p'  [=  Cip.  We  show  that  p"  ^  Cip.  where  p"  differs  from  p'  only  in  that  p 
transmits  at  I  in  p"  using  P(p,i)- 

Let  7'  and  7”  be  the  protocols  in  p'  and  p"  respectively.  Pick  an  arbitrary  run 
a  of  7"  satisfying  a  ^  p"  .  Thus,  for  some  runs  <7j  of  7" .  j  —  0,  1 . in. 

(P.„.l)  (P.„-,')  (p.,.d  (p.,.') 

^  ^  ...  ^  (T I  ^  <j{)  =  p  . 


We  may  assume  without  loss  of  generality  that  ^  Pi;  +  i’  ^ . 

m  —  1. 

We successively modify each run σ_j into another run θ_j, also of 7", so that the
following conditions are satisfied for j = 0, 1, ..., m:

1. CA and INPUT in θ_j and σ_j coincide.

2. All the messages in SEG[θ_j](l) are identical to the corresponding messages
in SEG[σ_j](l), excluding possibly messages M(q,p,k), where k < l, such
that (q,k) ∈ nc-detected-ill[σ_j](p,l).

3. If p is healthy at l in both θ_{j−1} and θ_j then p has the same view at l − 1
in both, i.e., V[θ_{j−1}](p,l − 1) = V[θ_j](p,l − 1).

(p., .') 

4.  dj-i  6j. 

The salient point of this construction is item 3. Indeed, once the θ's are
constructed, we will modify the protocol function of p at round l in these runs. Since
whenever p is healthy at l in both θ_{j−1} and θ_j,

V[θ_{j−1}](p,l − 1) = V[θ_j](p,l − 1),

p will transmit precisely the same messages at l in the two resulting runs, thus

(p.j  .0 

maintaining  the  relations.  Here  is  the  inductive  construction  of  the  O's. 

Base  j  =  0:  Let  Oq  =  (Tq. 

Inductive  step:  Assume  that  for  k  =  0,  -  1,  runs  9^  satisfying  the 

conditions  above  were  already  constructed.  We  proceed  to  construct  9j.  Recall 

(p.j.O 

that  fyj-x  cry,  and  consider  the  following  two  cases: 

Case:  p,y  p.  Let  q  stand  for  p,^.  Thus  V[i7y_i](7, 1)  =  ^ 

2  of  the  inductive  hvpothesis,  V'[0y_i](g, /)  =  V'[crj_i](7,/).  Thus,  F[0y_i'(7,/)  = 
V[cj,\[q,lY 

Consider first the case where p is healthy at l in both θ_{j−1} and σ_j. Since 7 is
an RCP, RV[θ_{j−1}](p,l − 1) = RV[σ_j](p,l − 1). Now construct θ_j so that all the
messages in SEG[θ_j](l) are identical to the corresponding messages in SEG[σ_j](l),
excluding possibly messages M[θ_j](q,p,k), for k < l, so that (q,k) ∈ nc-detected-
ill[σ_j](p,l). Let each such message M[θ_j](q,p,k) be M[θ_{j−1}](q,p,k). It is apparent
that this construction satisfies 1, 2 and 3.

Next we show that θ_j is a legitimate run of 7". We argue first that p transmits
precisely the same messages up to and including round l to corresponding
processors in θ_{j−1} and σ_j. Indeed, this follows from V[θ_{j−1}](q,l) = V[σ_j](q,l) and from
the fact that p conveys its reduced view at each round, and therefore it conveys
all the messages it sends to all the other processors at that round. Second, by the
construction of θ_j, p transmits, up to and including round l, precisely the same
messages in both θ_{j−1} and θ_j. Thus, up to and including l, p transmits the same
messages in both θ_j and σ_j. It follows that each processor other than p receives
precisely the same messages in these two runs, and therefore it also transmits the
same messages. This proves that θ_j is a legitimate run of 7".

Finally,  to  show  4,  recall  that 

V'[^y_il(5,/)  =  V[aj\{qJ) 

vmqj)  = 

(4.') 

Thus,  dj-i  «s  dj. 

Up to this point we have assumed that p is healthy at l in both θ_{j−1} and σ_j.
Consider now the case where p is not healthy at l in one or both runs. In this

case just let θ_j = σ_j. Here conditions 1 to 3 are easily verified. Condition 4 is

(9.0 

proved  as  follows:  By  2  of  the  inductive  hypothesis,  dj-\  ss  fy-i-  By  definition. 

(9,0  ^  (9,0  ,  ,  (9,0 

<Ty_i  as  cry.  Thus,  ^y_i  %  cTy,  and  from  the  way  we  constructed  dj,  0y_i  as  dj. 

Case:  pi^  =  p.  The  treatment  here  is  very  similar  to  the  one  above.  In  fact. 

construct  dj  exactly  as  in  the  previous  case.  We  now  show  that  this  construction 

is  legitimate  and  that  it  satisfies  1  to  4. 

To  show  that  dj  is  a  run  of  7",  we  need  only  state  that  p  transmits  in  dj 

precisely  as  it  does  in  cry.  This  is  apparent  from  2  of  the  inductive  hypothesis. 

(P'O 

which  implies  that  p  transmits  identically  in  0y_i  and  cry_i,  and  from  cry_i  ss;  cry. 

We  proceed  to  prove  1  to  4.  1  and  2  hold  from  the  way  we  constructed  dj. 
By  2  of  the  inductive  hypothesis,  all  the  messages  in  5£'G[5y_i](/)  are  identi¬ 
cal  to  the  corresponding  messages  in  5EG[cry_i](/),  excluding  possibly  messages 
M[dj]{q,p,k),  for  k  <  I,  so  that  {q,k)  E  nc-detected-ill[cry_i](p,I).  From  the 
way  we  constructed  dj,  for  every  such  q  and  k,  M[dj]{q,p,k)  =  M[dj-i](q,p,k), 
and  all  the  other  messages  in  SEG[dj]{l)  and  S£'G[(7y](I)  are  identical.  But  by 

(p,0 

assumption,  ay_i  as  aj.  that  is  V'(cry_i](p. /)  =  I’[cry](p,/).  thus  we  also  have 
V[dj^i]{p,l)  =  V[dj]{p,l).  This  proves  3  and  4. 

For  each  y  =  0,  1, . . . ,  m,  we  successively  construct  a  run  Xj  of  7'  as  follows: 

•  INPUT  and  CA  in  dj  and  ,Xj  coincide. 

•  All  the  messages  in  5£'G[Ay](Z)  are  identical  to  the  corresponding  messages 
in  SEG[dj\[l).  excluding  possibly  the  mes,sages  that  p  transmits  at  1. 
•  If  p  is  healthy  at  I  in  9j,  then  it  transmits  according  to  /'  in  Xj.

•  If  p  is  ill  at  I  in  Oj  (and  therefore  p  ^  pi^  and  p  ^  Pij  +  ,)  then: 

—  If  p  is  healthy  at  I  in  then  let 

-  If  p  is  healthy  at  I  in  Oj^i,  then  let 

A/[Ay](p,p,^^,J)  =  A/[Ay+il(p.p,^^,./). 

-  If  p  is  ill  or  dead  at  /  in  Oj^i,  then  let 

A/[Ay](p,p,-^^,,0  =  A/[Aj  +  i](p.p.^^,.I)  -  0. 

Notice  that  these  assignments  of  messages  are  always  possible  since,  by 
assumption,  p,^ 

By item 3 in the construction of the $\theta$'s, and by the special treatment in the case that $p$ is ill at $l$ in some of the $\lambda_j$'s, we conclude

(P.m-i-O  (P.fO  iPn-‘)  , 

Am  Am-I  ...  Ai  Ao  =  P  . 

But  p'  f=  Cpp.  thus  Am  f=  ‘P-  Recall  that  for  each  j  =  0. 1 . m,  the  CA  and 

INPUT  in  <Tj,  0j  and  Xj  are  identical.  Thus,  since  p  is  a  basic  predicate  and 
a  =  dm,  cr  \=  'p.  Therefore  p"  [=  Cip.  I 

Lemma  6  If  an  information  symmetric  protocol  7  —  (Pfp/)}  is  ck-informative, 
then  7  is  an  RCP . 

Proof: We show by induction on the round number $l$ that the information symmetric and ck-informative protocol 7 is an ZCP.

Base ($l = 1$): By definition, $RV(p, 0) = INPUT(p, 0)$ for every $p \in P$. The initial assumption about 7 implies that every processor that is healthy at 1 must convey its INPUT and therefore also its reduced view.

Step: Assume inductively that every processor $s$ that is healthy at $k$ in $\sigma$ conveys its reduced view for $k = 1, \ldots, l-1$, and assume by contradiction that $p$ does not convey its $RV$ to $q$ at $l$ in $\sigma$.


By  lemma  4  there  exist  two  runs  <t  and  (t  of  7  so  "Lat  (j  ^  rr.  a  ^  n  .  /■ 
is healthy at $l$ in $\sigma''$, and $RV[\sigma''](p, l-1) \ne RV[\sigma](p, l-1)$. But $V[\sigma'](p, l-1) = V[\sigma](p, l-1)$, implying that $RV[\sigma''](p, l-1) \ne RV[\sigma'](p, l-1)$.

(p.<-i)  («?.<)  (•/■>->) 

The  relations  a'  a  and  a  ^  a'  imply  a'  ^  a  and  rt"  u’ 

respectively. Applying the inductive hypothesis and since $l > 1$, $p$ conveys its $RV$ to all the other processors at $l-1$ in $\sigma$. Again by lemma 4, $RV[\sigma''](p, l-2) = RV[\sigma](p, l-2)$, implying $RV[\sigma''](p, l-2) = RV[\sigma'](p, l-2)$.

How could it happen that

$RV[\sigma''](p, l-1) \ne RV[\sigma'](p, l-1)$

$RV[\sigma''](p, l-2) = RV[\sigma'](p, l-2)$?

At least one of the following two situations must have occurred:

S1 There exists some processor $r$ satisfying the following two conditions:

R1 $M[\sigma''](r, p, l-1) \ne M[\sigma'](r, p, l-1)$.

R2 It is not the case that both $(r, l-1) \in$ nc-detected-ill$[\sigma'](p, l-1)$ and $(r, l-1) \in$ nc-detected-ill$[\sigma''](p, l-1)$.

S2 $INPUT[\sigma''](p, l-1) \ne INPUT[\sigma'](p, l-1)$.

We argue that if either S1 or S2 holds, then 7 is not ck-informative.

Consider first the case where S1 holds, but S2 does not.

Let $\{r_i\}_{i=1}^{m}$ be the set of processors such that

$M[\sigma''](r_i, p, l-1) \ne M[\sigma'](r_i, p, l-1)$.

Assume  by  contradiction  that  for  some  such  r^,  M[a'\{rj ,qj)  /  o.  First,  q 

knows  at  I  in  a  that  ry  was  healthy  at  /  —  1.  Second,  rr"  ^  a  ,  implying  that 
.\f[(T"\{rj,qJ  —  1)  =  M[a']{rj .q.l  —  1).  Finally,  from  the  information  symmetry  of 
7  and  by  lemma  1,  ,l/[cr"](r^. p,/  —  l)  =  M[a']{rj,  p.l  —  1).  a  contradiction. 

Thus,  .\I[(T"]{r,,q,l)  =  .\/[<T'](r,, (/,/)  =  0.  for  all  i.  —  implying  that 

each  (r,, /  —  1)  ^  nc-healthy((7. /)  in  both  a"  and  cr'. 

R1 and R2 imply that one of the following two events must have occurred:

E1 For at least one $j \in \{1, \ldots, m\}$, $(r_j, l-1) \in$ nc-pseudo-healthy$(p, l-1)$ in either $\sigma''$ or $\sigma'$. Denote by $r$ the $r_j$ with smallest $j$ satisfying the above.


E’J  F'lr  all  i  —  1 . tn.  /•,/  —  1 )  :=  O  ainl  (  r, .  /  -  1)  G  Uf-dt'TfcraU- 

Ullrr"’!/)./  -  1)  or  versa  (exrliaiive  n"  aii>i  rr'). 

('(insider  El  hrsr.  Assume  without  loss  of  generality  that  (r.l-  1)  6  nc-pseudo- 

(P./-1) 

lieahhy'ir'llp,  /  -  1).  Thus,  there  exists  a  run  a  ^  rr'  in  which  r  is  healtln'  at 

I  -  1. 

(’'instruct  a  run  p  of  /  so  that  the  messages  in  S -  1)  coincide  with 
the  messages  in  (/  -  1)  excluding: 

1.  For  I  =  1 . m,  let  .\/[p](r,',p,  /  —  1)  =  A/[ct'']  ( r. .  p,  /  —  1).  It  follows 

therefore  tliat  l'[pj(p,/  —  1)  =  V'[(7"](p,(  —  1). 

2. Some $t$ processors fail at $l-1$ in $\rho$. All the processors that fail at $l-1$ in $\rho$, excluding $r$, do not transmit to $q$ at $l-1$.

Notice that the CA and INPUT in $\rho$ can be readily defined to satisfy the above, and that since $t$ processors fail before $l$ in $\rho$ (including $r_i$, for $i = 1, \ldots, m$), $\rho$ is completely specified.

We now prove that 7 is not ck-informative in $\rho$. Let $\rho'$ be a run that differs from $\rho$ only in that the processors that are healthy at $l$ in $\rho'$ transmit their corresponding

views  (at  I  -  1).  Note  that  p  has  been  designed  so  that  p  ^  p.  The  processors 
that  are  healthy  at  /  in  p'  receive  t  empty  messages,  thus,  they  know  that  the 
transmitting  processors  at  I  are  healthy. 

By  the  information  symmetry  of  /.  each  processor  s  that  is  healthy  at  I  in 
p'  knows  that  r  was  ill  at  /  —  1.  The  intuition  is  that  since  M[a'']{r.  pj  -  1)  ^ 
M[a'](r.  pj  -  1).  r  manifests  its  illness  at  /  -  1  in  p  by  transmitting  messages  that 
are  inconsistent  with  the  information  symmetry  of  its  protocol.  To  be  more  precise, 
note  that  if  s  assumes  at  I  that  r  was  healthy  at  /  —  1.  then  it  may  apply  lemma  1 
for  calculating  M[p'](r,pJ  -  1)  from  A/[p'](r,  s,/  -  1),  Now,  .\/[p'](r,  s./  -  1)  = 
.^/[d■](r,  s,/  —  1),  and  .\/[p'](r,  p./  —  l)  =  ( r,  p.  /  —  1).  But  .\/[CT"](r.  p,  /  —  1)  / 

.\/[i7](r,p, /  —  1):  thus,  since  s  knows  at  I  that  p  w.as  healthy  at  I  it  also  knows  that 
r  must  have  been  ill  at  /  —  1. 

Recall  that  q  conveys  to  all  the  processors  that  are  healthy  at  I  in  p'  that  it 
received  /  —  1  empty  messages,  hence  each  proce.ssor  that  is  healthy  at  /  in  p' 
knows  that  t  other  processors  failed  at  /  —  1.  Thus,  the  views  of  the  processors 
that  are  healthy  at  /  in  p'  are  common  knowledge  at  I  in  //.  In  particular,  the 
basic  predicate  p  =  "r  was  ill  at  /  -  1"  satisfies  p'  j=  b'/p. 


Consider now $\rho''$ which differs from $\rho'$ only in that $p$ transmits at $l$ according to 7 in $\rho''$ rather than transmitting its view as in $\rho'$. By construction,

implying  that  M[p'']{p.q,l)  —  M{(T"]{p,qJ).  Recall  that  \'[a"]{qj)  —  \'[ct']((7./) 
and  \'[(r']{pj  -  1)  =  V[5-](p,f  -  1),  hence, 

A/[<T"](p,g,/)  =  M{(T']{p.qJ)  ■■=  M[a\{p.q.l). 

Thus,  q  does  not  know  at  I  in  p"  whether  M[p"\{r,  pj  —  1)  is  .\I[a]{r.  p.l  -  1), 
in  which  case  r  could  have  been  healthy  at  /  -  1  in  p" .  or  M[p"]{r,  p.l  -  1)  is 
M[a"]{r,  pJ  —  1),  in  which  case  r  was  ill  at  /  —  1  in  p".  Therefore,  p"  ^ 
implying  that  T  is  not  ck-informative. 

Consider now E2: Assume without loss of generality that (ri , p, / — 1) = o and that $(r_1, l-1) \in$ nc-detected-ill$[\sigma''](p, l-1)$. Construct a run $\rho$, similar to the one above, so that the messages in $SEG[\rho](l-1)$ coincide with the messages in $SEG[\sigma'](l-1)$ excluding:

1. For $i = 1, \ldots, m$, let $M[\rho](r_i, p, l-1) = M[\sigma''](r_i, p, l-1)$. It follows therefore that $V[\rho](p, l-1) = V[\sigma''](p, l-1)$.

2.  For  i  =  r,-  does  not  transmit  at  Z  -  1  in  p  to  any  processor 

excluding  p. 

3.  Some  t  processors  do  not  transmit  to  at  Z  -  1  in  p. 

Notice again that the CA and INPUT in $\rho$ can be readily defined to satisfy the above, and that since $t$ processors fail before $l$ in $\rho$ (including $r_i$, for $i = 1, \ldots, m$), $\rho$ is completely specified.

Let $\rho'$ be a run that differs from $\rho$ only in that the healthy processors at $l$ in $\rho'$ transmit their corresponding views. Note again that $\rho'$ has been designed so that

p  p. 

The healthy processors at $l$ in $\rho$ receive $t$ empty messages, thus, they know that the transmitting processors at $l$ are healthy. They know that $r_1$ was ill at $l-1$ from the transmissions of $p$ at $l$ and they know that $t$ processors failed at $l-1$. Thus, the views of the healthy processors at $l$ in $\rho'$ are common knowledge at $l$ in $\rho'$. In particular, the basic predicate $\varphi$ = "$r_1$ was ill at $l-1$" satisfies $\rho' \models C\varphi$.

Consider now $\rho''$ which differs from $\rho'$ only in that $p$ transmits at $l$ according to 7 in $\rho''$ rather than transmitting its view as in $\rho'$. By construction

'^'\p"\{p-i  -  1)  =  -  1). 
implying that $M[\rho''](p, q, l) = M[\sigma''](p, q, l)$. Recall that $V[\sigma''](q, l) = V[\sigma'](q, l)$, hence, $M[\sigma''](p, q, l) = M[\sigma'](p, q, l)$. Thus, $q$ does not know at $l$ in $\rho''$ whether $M[\rho''](r_1, p, l-1)$ is $M[\sigma'](r_1, p, l-1)$, in which case $r_1$ could have been dead at $l-1$ in $\rho''$, or $M[\rho''](r_1, p, l-1)$ is $M[\sigma''](r_1, p, l-1)$, in which case $r_1$ was ill at $l-1$ in $\rho''$. Therefore, p" [= implying that 7 is not ck-informative.

The case in which S2 holds is treated similarly. I

Thus,  we  have  proved: 

Theorem  A  (weakly)  information  symmetric  protocol  7  is  ck-informative  iff  7 
is  an  ZCP. 


E  The  Proof  of  Theorem  2 

E.l  Part  1 

We prove the first part of theorem 2 by the following sequence of lemmas:

Lemma 7 Assume that the processor $p_{i_k}$ transmits at $l$ the atom

a  =  {Pii  ^  Ph  —  ■■■  A* ,  q) 

in a run $\rho$ of NIP where it is healthy at $l$. Then $M[\rho](p_{i_j}, p_{i_k}, l-1) = \emptyset$ for all $j = 1, \ldots, k-2$.

Proof: We prove the lemma by induction on the number of processors $k$ appearing in the chain of the atom transmitted. For $k = 1$ and $k = 2$ the lemma is trivial.

Assuming that the lemma is correct for chains with less than $k$ processors, we prove its correctness for chains with $k$ processors. Assume by contradiction that for
some  .\/[p](p,'^  ,Pn -  1)  0,  where  1  <  7  <  k  —  2.  and  let  f*  be  the  biggest  such 

q.  We  will  see  in  the  following  lemma  that  the  assertion  A/[p](p,'^. .  p,\ ,  /  -  1)  0 

together  with  the  consistency  test  in  NIP.  allow  very  little  freedom  to  what  any 
processor  p,^_, ,  for  f'  <  j  <  A*— 1,  may  convey  to  any  other  processor  at  / -A  +  j  — 1 

about  the  content  of  the  atom  (p,-,  —  p,2  “  •••  *  ^  Pi  without  being 

detected  ill  by  the  receiving  processor. 

To  make  this  claim  more  precise  let  6  —  (p,,  —  p,„  — *  . .  .  '  p,^.a).  for 

j'  <75  A,  and  consider  the  four  one-parameter  predicates  for  t  =  1 . 4: 


p  t=  ri(b)  iff  pi^  is  healthy  at  /  —  k  +  j  —  1  in  p.  and  conveys  to  p,^ 

at  that  round  the  atom 

p  (=  p-2{b)  iff  p,^  is  healthy  at  /  —  ^•  +  j  —  1  in  p.  and  Pij_^  conveys  to 
at  that  round  the  atom 


l-k+j-2 


where  j'  <  f  <  j  —  1,  and  i3  =  “detected  ill”  or  3  =  0. 

•  p  \=  P'3  (6)  iff  Pij  is  healthy  a.t  I  —  k  +  j  —  I  \n  p  and  p,^  either  detects  at 
I  —  k  +  j  —  I  \n  p  that  Pi^_,  was  ill  at  /  -  A:  +  j  —  1  or 

*'^(p](P.;-nPi>^  -  A-  +  J  -  1)  =  0. 

•  p  \=  ^-iib)  iff  p,'^  is  not  healthy  at  /  -  A  +  7  -  1  in  p. 

Finally,  let  p;  =  V  Pi-  The  following  lemma  specifies  some  of  Pn’s  knowledge 
at  /  -  1  in  p  if  p,^.  transmits  to  it  at  /  -  1  a  non-empty  message. 

Lemma  8  Assume  that  pii^  is  healthy  at  I  -  1  in  p.  Let  A/[p](p,'^. .  Pn .  /  -  1)  7^  0 
for  some  j‘ .  1  <  j*  <  A  -  2,  and  assume  that  p,^.  conveys  to  pi^  at  I  —  k  +  j’  the 
atom 

t-k-hj’-i  , 

Then  for  any  processor  pi^,  j*  <  j  <  A  —  1, 

P  N  'P{{Pix  ^  P., ,  q)) 


p  h  p{{Pu 


Pu^q))- 


Proof: We prove this lemma by induction on $k - j^*$, the length of the subchain

P.;-  +  .  -  •••  -*P.». 

Base  A  =  j*  +  1;  Here  we  need  only  show 


P  N  p{{p,i 

This holds by assumption.


i-k+j' 

P.,.  -*  P.,..,-'‘))- 


Inductive step: Assume that the lemma is correct for numbers smaller than $k - j^*$. Here is the proof for $k - j^*$. If is not healthy at / - 2 in p, then

^  _o 

pf=  p4{p>i  — 

and 

P  N  t^3((p.',  —  ...  —  P.y.Q)). 

Otherwise,  let  Pn_,  be  healthy  at  /  —  2  in  p.  Since  A/[p](p,^. ,  Pn .  /  -  1)  7^  0. 
also  .^/[p](p,  —  2)  0.  By  the  inductive  hypothesis,  for  all  p,  and 

j*<j<k-l, 

and 

p  h  q))- 

We proceed to show

p  t=  ^(a) 

where  as  above,  a  =  {pi^  p^.a). 

First,  by  assumption,  p  ^  P-i(a)-  Second,  p,j  discovers  at  ^  -  1  in  p  that  p,^_| 
is  ill  at  /  -  1  or  that  A/[p](p,^_,.p,j,/  -  1)  =  0  iff  p  ^  y^3(«).  Assume  ne.vt  that 
p  ^  r3(a).  Thus, 

(Pu_,<^  ~  f)  S  nc-pseudo-healthy[p](p,-^ ,/  -  1). 

Applying  the  inductive  hypothesis,  p  P'(a'),  where 


'  /  '-2  \ 

a  =  (p.-,  —  ...  —  P,*_,,a). 

Thus,  p  1=  V  Clearly,  p  ^  P^(a0•  Consider  first  the  case  where  p,\_,  is 

healthy  at  /  -  1  in  p.  If  p  j=  p'i(a').  then  p  ^  •p’i((i).  Similarly,  p  |=  implies 

that  p  j=  f2((i)-  Finally,  if  p  P3(a'),  then  p  |=  P'2(n).  Thus,  since  p  |=  p(u')  we 
have  p  j=  p{(i). 

Next  assume  that  Piy_,  is  ill  at  /  —  1  in  p.  Since  NIP  is  ck-informative  and 
by  assumption  (Pn_,,/  —  1)  6  nc-pseudo-healtliy[p](pn .  /  -  1).  Pn_|  must  ha\-e 
conveyed  to  p,^  at  /  —  1  in  p  one  of  the  following  two  atoms: 


2.  {pi^  —  ...  — “  whore  j*  <  /</.•-!  and  .j  =  “dotertod  ill"  or 

3  =  \li. 

In  the  first  case,  if  '•/  ^  a,  then  ^I{p]{pi|,_^^ p^J  —  1)  will  fail  the  consistency 
test  that  Pn  runs  at  /  —  1  in  p.  Since  this  contradicts  -  1)  €  nc-psendo- 

healthy[/j](pn./  —  1).  =  q;  thus  p  \=  ,^i(u).  The  second  case  implies  p  j= 

Therefore,  p  }=  ^(u).  I 

We  now  continue  the  proof  of  lemma  7.  By  assumption.  transmits  at  /  the 
atom  a  =  (p^  —  . . .  — ’  p,^.a),  thus. 

(Pu_,./  -  1)  €  nc-pseudo-healthy[p](p,y  .  /  -  1). 

By lemma 8 and the consistency test in NIP, p,^. must have conveyed to p,^ at
I  —  k  +  j*  the  atom 

i-k+r~\  s 

(p„  — ...  —  P,,.-Ci). 

Clearly.  M[p]{p,^, ,  p,^,l  -  1)  ^  0  implies  that  B/[p]  (p,^. .  p,^ ,  /  -  2)  ^  0.  Thus,  by 
lemma  8.  p  |=  pin),  where 

a  =  (p.-,  —  ...  —  p,»_.,  p,y .  q). 

We  consider  the  following  three  cases:  First,  if  p  ^  Pi(d).  then  recalling  how  A 
is  evaluated,  p,^  should  not  have  transmitted  the  atom  a  at  /  in  p  -  a  contradiction. 
Second, assume that p [= P2(a). Recall that

(p^./  -  1)  €  nc-pseudo-healthy(p,^ . /  -  l). 

and  p,\_,  conveys  to  p^  at  /  -  1  the  atom 

(P.,  •••'— Ph-,.o). 

We distinguish between two cases: Assume first that p,^_| conveys to p^ at
/  —  1  that  p,^_.,  transmitted  to  it  the  atom 


f  =  (P.,  —  ...  —  P.y_;.o). 

Then by the inductive hypothesis, Pn_, must have conveyed to p,^ at / — 1 that

P'*-2  conveyed  to  it  that  -^/(pi^ .  Pn_.. •  /  -  3)  =  0  for  j  =  1 . k  -  4.  Since  /i,y 

transmits  n  at  /.  /p^_|  must  have  conveyed  to  p,^  at  /  -  1  that 


and  for  tlie  -^aine  reason.  .  /  -  1)  =  0.  Thus.  .  /  -  1)  =  0  lor 

I = 1 . k — 2. This contradicts the existence of j' .

.\ssunie  ne.\t  that  conveys  to  /),^  at  /  —  1  that  coin’cyed  hui  did  not 

transmit  the  atom  c  to  it.  Then  recalling  how  A  is  evaluated.  /',*  should  not  ha\'e 
transmitted  at  /  in  p  -  a  contradiction. 

Finally,  the  case  where  p  |=  ,^3(5)  follows  similarly.  This  completes  the 
proof.  I 

Corollary  2  Assume  that  the  processor  p,i^  transmits  at  I  the  chain 

i-\ 

Pti  Pii  —  •  •  •  —  F.y 

in a run of NIP where it is healthy at $l$. Then $k \le t + 1$.

Proof: By lemma 7, for $j = 1, \ldots, k-2$, $M[\rho](p_{i_j}, p_{i_k}, l-1) = \emptyset$. Clearly $k - 2 \le t$, but we argue that in fact $k - 2 < t$. Indeed, had $p_{i_k}$ seen precisely $t$ processors failing at $l-1$, it should not have transmitted anything besides its INPUT at that round. Thus, $k \le t + 1$. I

Corollary 3 Each processor that is healthy in a run of NIP uses at most

$(t + 1) \log n$

bits for transmitting a chain.

Proof: The processor uses the trivial binary encoding of that chain. I

Lemma  9  If  the  processor  transmits  at  I  the  chain  p,,  —  p,.,  —  .  .  .  ^ — ■  pi^^  in 
a  run  p  of  NIP  where  it  is  healthy  at  1.  for  k  >  2.  then  at  least  one  of  the  following 
three  must  have  occurred: 

d-  Pii,-,  conveys  an  actual  he  with  chain  p,,  — •  /),„  — *  ...  — •'  to  i>,^  at 

I  —  1  in  p. 

s.  Pit_..  conveys  an  actual  he  with  chain  p, ,  —  p,.,  —  . .  .  p,^_.  to  P,i^_i  'it 

1  —  2  in  p. 

Ik  Pik-^  conveys  an  actual  he  with  chain  p,^  —  —  .  .  .  ‘ — •  pn_..  to  at 


r 


Proof:  Assume  by  contradiction  that  none  of  the  above  hold.  Then  the  chain 
Pn  Pij  —  ^  P<k--2  P>k~2  conveys  at  /  —  2  carries  exactly  the  same 

content  to  both  p,*_,  and  Moreover,  the  chain  p,-,  —  p,-^  —  . . .  — “  p,y_,  that 
Pik-i  conveys  to  p,^  at  /  —  1  also  carries  that  content.  Finally,  since  follows 

.\IP  at  L  it  will  not  transmit  the  chain  p,^  —  p,..  —  . . .  *  p^  -  a  contradiction. 

I 

We now prove the first claim of theorem 2. The idea is to pick, one at a time, each chain consisting of at least three processors that $p_{i_k}$ transmits at $l$, and to mark the last actual lie performed on that chain. Lemma 9 implies that the only actual lies that will be marked are the ones perpetrated in rounds $l-1$ and $l-2$. A more careful examination shows that each actual lie at $l-1$ is marked at most once, and that each actual lie at $l-2$ is marked at most $n-2$ times.

More  precisely,  let  p.-^  be  healthy  at  I  and  assume  that  it  transmits  the  chain 

Pi'i  “*  Pij  —  ’  Pi*  at  /,  where  k  >  3.  Lemma  9  motivates  the  introduction 

of  the  following  marking  of  actual  lies.  If  p,^_,  conveys  an  actual  lie  with  chain 
/  — 2 

Pi;  —  pio  —  . . .  — '  Pi*_|  to  p,j  at  /  —  1,  then  mark  it;  this  actual  lie  is  of  type  1. 

*  •  /  ~  3 

Otherwise,  if  p,*.,  conveys  an  actual  lie  with  chain  p,-,  -*  p,,  —  p,*_.,  to 

Pi/,-1  3-^  ^  “  2.  mark  it.  and  refer  to  it  as  type  2.  Finally,  if  none  of  the  above  hold. 

I  3 

mark  the  actual  lie  corresponding  to  the  chain  p,-,  pi.,  —  ...  —  pi^_^  that  p,j_,, 
must have conveyed to p,n at / - 2 and call it type 3.

We now prove the following three lemmas referring to actual lies of types 1, 2 and 3:

Lemma 10 Every actual lie of type 1 is marked at most once.

Proof:  For  every  actual  lie  of  type  1  with  chain  p,,  —  p,^  —  . . .  —  Pn_,,  there 

exists  at  most  one  chain,  p,,  —  p,^  —  . . .  — *  Pi*_,  p,*,  that  p,y  may  traii'-mit 

at  /.  I 

Lemma 11 Every actual lie of type 2 is marked at most once.

Proof:  Similar  to  lemma  10.  I 


Proof: For every actual lie of type 3 with chain /i, , — p,„ — . . . /',j ... there

exists  at  most  n  —  2  chains,  p,-,  —  p,^  —  —  Pn.-.  —  7  I'u-  ‘I  ^  Pi,-- 

q  ^  p,^  that  p,^  may  transmit  at  /.  I 

And now the statement and proof of the first claim of theorem 2:

Corollary 4 The number of bits that the processor $p$ transmits at round $l$ to another processor in a run $\rho$ of NIP where it is healthy is less than

$n((t + 1) \log n + |p|)\, AL^{+}[\rho](l-2, l-1)$.

Proof: It follows from the discussion above that $p$ transmits at $l$ less than

$n\, AL[\rho](l-2, l-1)$

atoms whose chains consist of at least three processors. $p$ also transmits less than $n$ atoms whose chains consist of precisely two processors, and one atom whose chain consists of a single processor, namely $p$.

Thus, $p$ transmits less than

$n\, AL^{+}[\rho](l-2, l-1) = n\, AL[\rho](l-2, l-1) + (n - 1) + 1$

atoms. Now, by corollary 3, each atom that $p$ transmits at $l$ requires at most

$(t + 1) \log n + |p|$

bits. I
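The bit accounting behind Corollaries 3 and 4, as an added illustration that is not code from the paper. It assumes processors are numbered 0 to n-1, that "log n" means ceil(log2 n) bits per index, that the content length is given as a plain bit count, and that AL+ equals AL + 1, as the atom count in the proof of Corollary 4 reads; all function names are hypothetical.

```python
def id_width(n):
    """Bits for one processor index in 0..n-1 (fixed-width binary)."""
    if n < 1:
        raise ValueError("n must be positive")
    # (n - 1).bit_length() equals ceil(log2 n) for n >= 2; use 1 bit for n == 1.
    return max(1, (n - 1).bit_length())


def encode_chain(chain, n, t):
    """Encode a chain of processor indices as a bit string.

    Corollary 2 limits a chain forwarded by a healthy processor to t + 1
    processors, so a longer chain is rejected instead of encoded.
    """
    if not 1 <= len(chain) <= t + 1:
        raise ValueError("chain length must be between 1 and t + 1")
    width = id_width(n)
    fields = []
    for p in chain:
        if not 0 <= p < n:
            raise ValueError("processor index out of range: %r" % (p,))
        fields.append(format(p, "0%db" % width))
    return "".join(fields)


def decode_chain(bits, n):
    """Inverse of encode_chain; rejects truncated or out-of-range fields."""
    width = id_width(n)
    if not bits or len(bits) % width or set(bits) - {"0", "1"}:
        raise ValueError("malformed chain encoding")
    chain = [int(bits[i:i + width], 2) for i in range(0, len(bits), width)]
    if any(p >= n for p in chain):
        raise ValueError("decoded index is not a valid processor")
    return chain


def atom_bit_bound(n, t, content_bits):
    """Corollary 3 plus the content: at most (t + 1) * width + content bits."""
    return (t + 1) * id_width(n) + content_bits


def round_bit_bound(n, t, content_bits, actual_lies):
    """Atom count from the proof of Corollary 4 times the per-atom bound.

    actual_lies stands for AL over rounds l-2 .. l-1 (assumed input).
    """
    long_chain_atoms = n * actual_lies   # chains of three or more processors
    two_processor_atoms = n - 1          # chains of exactly two processors
    own_atom = 1                         # the single-processor chain
    atoms = long_chain_atoms + two_processor_atoms + own_atom
    return atoms * atom_bit_bound(n, t, content_bits)


if __name__ == "__main__":
    n, t = 7, 2                          # constructed sample parameters
    bits = encode_chain([4, 0, 6], n, t)
    print(bits, decode_chain(bits, n))
    print(atom_bit_bound(n, t, 8), round_bit_bound(n, t, 8, 3))
```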

E.2  Part  2 

We  now  prove  the  second  part  of  theorem  2  which  states  that: 

Lemma 13 The time needed for calculating the messages that $p$ transmits at $l$ in $\rho$ using the routines described in appendix A is

$c\, AL^{+}[\rho](l-3, l-1)$

where $c = poly(n, t, |p|)$. The space used in that calculation is


Before proving this statement we need the following two lemmas:


Lemma 14 Let $p$ be healthy at round $l$ in a run of NIP. The sum of the sizes of the messages that $p$ receives at $l$ is bounded by $AL^{+}(l-2, l)$ times a low degree polynomial in $n$, $t$ and $|p|$.

Proof: Let $L(q, p, l)$ denote the number of actual lies that $q$ conveys to $p$ at $l$. Let $RD(p, l)$ denote the number of actual lies that were conveyed to $p$ at $l$; thus $RD(p, l) = \sum_q L(q, p, l)$. Let p be a bound on the number of bits that are required in order to represent any atom in NIP. By lemma 3 we may let

p = (t + 1) log n + |p|.


Using  the  estimates  in  appendix  E.l 


M{q.p.l]\  <  p  jl((7.p,/)  +  ^L(r,7./-  l)  +  (n-2)^Z,(s,7./-2) 


+  L{s.  r.  I  —  2)  +  n 


Summing over $q$, $q \ne p$,


^  |.\/(-7,p.0l  <  p  I  -  1)  +  ('!  -  2)  ^  L(s.9J  -  2) 


+  Y,  ^s,r,[-2)  + 

g,s,r  ) 

<  p  {RD{p,l)  +  AL{1  -  IJ  -  1)  +  [n  -  2)AL{1  -2.1-2) 

+  {n-  l)AL(l  -  2,/  -  2)  +  n^} 

<  n^pAL-^(l  -  2,1)  I 

Lemma 15 Let $p$ be healthy at round $l$ in a run of NIP. The size of

$\bigcup_r LD(r, p, l-1)$

is bounded by $AL^{+}(l-2, l-1)$ times a low degree polynomial in $n$, $t$ and $|p|$.

Proof: Following the notations of lemma 14 we argue that


Summing over $r$, $r \ne p$,


\Ur  LB(r,pJ  -  l)\  <  plY^L{r,pJ  -  l)  +  Y,L{s,pJ  -2) 

I  r  r.s 

+  ^z;(s,  r,/  -  2)  +  n 

r,a 

<  Ai  -  1)  +  («  -  -  2) 

+  AL(/-2,/-2)  +  n} 

<  npAL-^{l  -  2,1  -  1)  I 

We  proceed  to  prove  lemma  13. 

Proof: We examine bottom up the complexity of each of the subroutines in NIP. To this end consider a processor $p$ that is healthy at round $l$ in a run of NIP. We estimate the time it spends in the different routines.

Subroutine DETECT_ILL is $O(1)$ and subroutine CHECK_ILL is $O(n)$. Invoking TRUST is $O(n)$ provided that no recursive calls to TRUST are made within it. Since there may be no more than $t$ such calls, the complexity of TRUST is $O(nt)$.

The total time that $p$ spends in routine NEW_INFORMATION is bounded by the size of the messages that it receives at $l$ times a low degree polynomial in $n$ and $t$.

Evaluating the time that $p$ spends in CONSISTENT is a little more involved. At any given call to CONSISTENT, there are at most $n$ invocations to TRUST, which is and the time spent at step CHECK is Now when CONSISTENT is invoked with parameters $r$, $k$ and TREE, the number of recursive calls to CONSISTENT is no more than the number of internal nodes in TREE.

Thus the total time that $p$ spends in CONSISTENT is bounded by the sum of the sizes of the messages that it receives at $l$, times a low degree polynomial in $n$ and $t$.

Consider now routine SET_LABEL. The main computational effort in that routine is spent evaluating the formula


{Sr(s,r,/  -  2\M{q.p.l))  V  LD{s,q,l  -  2)]  ST{s,r,l  -  2\LD{r,p,l  -  i)) 


for every $s$ and $r$. We evaluate that formula by first scanning the transmission tree

$ST(s, r, l-2 \mid M(q, p, l))$

and next the transmission tree

$ST(s, r, l-2 \mid LD(r, p, l-1))$.

Thus the time spent in SET_LABEL$(q, p, l)$ is bounded by the sizes of both $M(q, p, l)$ and $\bigcup_r LD(r, p, l-1)$ multiplied by a factor as above. Thus the total time spent in calls to SET_LABEL is bounded by the sum of the sizes of the messages that $p$ receives at $l$ plus $n$ times the size of $\bigcup_r LD(r, p, l-1)$, with all this multiplied by a factor as above.

Therefore the total time that $p$ spends at $l$ in routine UPDATE_NK is bounded by the sum of sizes of the messages that $p$ receives at $l$ plus the size of $\bigcup_r LD(r, p, l-1)$ with all this multiplied by a low degree polynomial in $n$ and $t$.

Now, by lemma 14 the sum of the sizes of the messages that $p$ receives at $l$ is bounded by $AL^{+}(l-2, l)$ times a low degree polynomial in $n$, $t$ and $|p|$. By lemma 15 the size of $\bigcup_r LD(r, p, l-1)$ is bounded by $AL^{+}(l-2, l-1)$ times a low degree polynomial in $n$, $t$ and $|p|$. This completes the first part of lemma 13.

The second part follows since the number of processors defining any chain that is forwarded by a healthy processor in NIP is no more than $t + 1$. I


F  The  Proof  of  Theorem  3 

In  this  appendix  we  prove  theorem  3  which  states: 

Theorem  NIP  is  a  communication  efficient  ck-informative  protocol. 

Proof: Fix a run $\sigma$ of NIP, a ck-informative protocol 7 and a round $l$. We will construct a run $\rho \in$ DOM[7, $\sigma$] so that

$CC[\sigma](l) < p(n, t)\, CC[\rho](l)$.

In the process of doing so we will explicitly construct the polynomial $p(n, t)$. We assume hereafter that E = A = {0, 1}.

In order to simplify the construction of $\rho$, we first modify $\sigma$. Let $r$ be ill at $k$ and let $q$ be healthy at $k+1$, both in $\sigma$. Suppose that $q$ detects at $k$ in $\sigma$ that $r$ is ill at $k$. Then we let $r$ transmit to $q$ at $k$ in the modified run the message $M'(r, q, k)$ defined at the end of section 6.2. Thus, in this new run $(r, k) \in$ nc-pseudo-healthy$(q, k)$, the messages that are transmitted at $k+1$ and $k+2$ are modified only slightly, and the messages that are transmitted at other rounds remain as in $\sigma$. Notice that each actual lie that $r$ conveys to $q$ at $k$ in this modified run corresponds to an actual lie in $\sigma$. In $\rho$, we will let $r$ convey these actual lies to $q$ at $k$ as well, so we may assume hereafter that $\sigma$ itself satisfies the above.

We first construct an auxiliary run $\sigma_x$ which is very similar to $\sigma$, but in which some atoms have the form where $x_{ch}$ is an undetermined content, will be assigned an element in $\{0, 1\}^*$ when we construct $\rho$ from $\sigma_x$.

Let the parameters n, t, /, 0 and CA in $\sigma_x$ be as in $\sigma$. Thus, for $\sigma_x$ to be fully specified we need to choose an adversary and the inputs. In order to do so we sequentially scan the processors at rounds 1 to $l$ as follows: We start with $p_1$ at round 1, then $p_2$ at round 1, up to $p_n$ at 1. Next we scan $p_1$ at round 2, $p_2$ at round 2, etc.

Suppose that we are currently scanning processor $q$ at round $k$. If $q$ is either ill or dead at $k$ in $\sigma$ we proceed to its neighbor. Otherwise, $q$ is healthy at $k$ in $\sigma$. Consider each of the atoms $(ch, a)$ that $q$ transmits there.

First,  if  ch  =^^''  q,  then  let  that  chain  carry  the  content  Xch  in  <7^.  Second,  if 
ch  —  pi^  — >  q,  pij  is  ill  at  /c  —  1,  and  q  is  the  processor  with  smallest  index  that  is 
healthy  at  A*,  then  let  that  chain  carry  the  content  Xch  in  cr^.  Third,  assume  that 
ch  =  pi^  —  . . .  —  p,^  q  and  conveyed  the  actual  lie  (p,,  —  p.^.a') 

ib—  1 

to  some  processor  at  k  -  1.  Then  let  chr  =  p,,  — >  . . .  —  p,^  — >  r.  If  Xch,  has  not 
yet  been  assigned  for  any  r.  then  let  ch  carry  the  content  in  <7x- 

lb—  1 

Finally,  assume  that  c/i  =  p,-,  p,-^  —  q  and  p,'^  did  not  convey  any 

actual  lie  with  chain  p,q  — >  . . .  pi^  in  cr.  Thus,  by  lemma  9.  p,^-.,  must  have 

k—'Z 

conveyed  an  actual  lie  with  chain  pi,  .  —  Pi/_|-  Let 

chp  =  p.q  ^  ...  ^  p,^_,  —  p 

chf—r  —  p,i  '  ...  >  P>/-\  ‘  ^  ‘ 

If  neither  Xch„  nor  Xch,^r  have  been  assigned  for  any  p.  or  pair  s  r,  then  let  ch 
carry  the  content  x^h  in  <7x- 

For each atom $(ch, x_{ch})$ in $\sigma_x$, let $|(ch, x_{ch})|_\infty$ be the $\infty$-length of the corresponding atom in $\sigma$. Let $X[\sigma_x](q, k)$ be the set of atoms $(ch, x_{ch})$ for ch = p,, — ... — p,^ *— *' q. The motivation for this rather cumbersome definition is the following


C'C'[ct](/)  <  Y1  +  I)  logn  +  |a|oc)- 


(i.tiehealthy  ae.V[(T,|(g,*:) 

0<K1 


Proof:  ^^'e  prove  that  each  actual  lie  with  oc-length  A  can  force  the  processors 
that  are  healthy  in  9  to  transmit  at  most 

n^{(t  +  1)  log  n  +  A) 


Assume  that  conveys  at  k  in  the  run  0  of  NIP  an  actual  lie  with  chain 

— *  . . .  L't  7  be  one  of  at  most  n  —  1  processors  that  are  healthy  at 

k  +  I  in  9.  Then  q  might  have  to  transmit  at  most  n  —  2  atoms  at  A:+  1  in  0.  Also, 

every  processor  r  other  than  p,^  might  have  to  transmit  n  —  3  atoms  at  k  +  2  with 

k+ 1 

chain  p,',  p,y  —  s  —  r,  where  s  ^  Piy-r.  Interestingly,  processors  that 

are healthy at rounds succeeding $k + 2$ will not transmit any atom due to that actual lie.

Since 

(n - 1)(n - 2) + (n - 1)(n - 2)(n - 3) <

this actual lie can force the transmission of no more than atoms, each of which involves no more than (t + 1) log n + A bits. I

We proceed to construct the run $\rho$. Let the parameters n, t, 7, 0 and CA in $\rho$ be as in and therefore also as in $\sigma$. Let


1A’[(Tj](7,  A:)|oo  —  |o|oo. 

Our goal is to force $q$ to transmit at $k$ in $\rho$ at least $|X[\sigma_x](q, k)|_\infty$ bits to some other processor, say $r$, by carefully selecting in $\rho$ a new short content for each of the atoms in $X[\sigma_x](q, k)$. In order to do so we use the natural one-to-one mapping from atoms in $X[\sigma_x](q, k)$ into actual lies in $\sigma$, and we assign in $\rho$ a new content to each of these actual lies. Thus, the run $\rho$ that we construct in this way is in DOM[T, $\sigma$]. Suppose that we had satisfied the above. Then, recalling that $|a|_\infty > 1$, we could argue the following:


CC[a]{l)  < 


n'{{t  +  1)  log  n  -h  ) 


(7,*)6healthy  ae.V[<T,](7,t) 
0<*<l 


* 

I 

r< 


I 

I 


V 

i 

S' 


I 


i 


< 


< 


-t  l)  lo?-;  H  +  1) 
n^(lt  +  1)  log  u  +  1) 
n^(((  +  1)  log  n  +  1) 


V 


!«;.*  liN  <l6  -V 


0<*<^ 


'"'il 

A'[fT^)((;./>-)|cc 

r.  A-)l 


(<?.*)€lieaUhv 

r,  0<k<l 


=  «^((^  +  l)log«+  1)CC[/)1(/). 


Therefore, we would only have to choose a polynomial p(n, t) so that p(n, t) >
n^((t + 1) log n + 1) in order to prove the theorem.

So we are left with the problem of letting q transmit at least |-V[(Tx] (f/. A) j-c bits
to r at k in ρ, where we are assuming of course that l,Y[ox](7. A)loo > 0. The idea
is again to pick carefully a new content for each of the actual lies corresponding
to the atoms in A'[ax](7, A), without disclosing thereby to q at k - 1 in ρ that
the sending processor was ill. An application of the pigeonhole principle will then
force q to transmit at least |A'[<7x)(7, A)|oo bits at k in ρ as required.

Let (ch, Xch) ∈ A'[ox](7.A) for ch = Pi^ → ... → q, and let (ch, α) be
the corresponding atom that q transmits in σ. Let α ≠ 0, and consider the more
interesting case where / > 1. Assume first that p,-^ conveyed an actual lie with
chain p^ → . . . → p,^. Then it is a property of the consistency test in NIP that
q would not be able to determine at k - 1 that p,-^ was ill at k - 1, had p,^ instead

k-2

conveyed to q the atom (p,, → . . . → p,-^, β), where β ≠ α, 0, "detected ill".

Assume now that p,^ was healthy at k - 1. Then p,^_, must have conveyed an

k-3

actual lie with chain p,, → ... → pi^_,. Again it is a property of the consistency
test in NIP that p,^ would not be able to determine at k - 1 that p,^_, was ill at
k - 2, had Pif_, instead conveyed to it the atom (p,-; → ... → Pif_^, β), where
β ≠ α, 0, "detected ill". Finally, if p,^ was ill at k - 1 but did not convey in σ

k-2

any actual lie with chain p,, → ... → p,^, then if p,^_, conveys to p,^ the atom
(p,i → ... → pif_y, β), with β as above, and p,^ forwards it to q at k - 1, then q
would not be able to determine that p,-^ was ill at k - 1. Further, the above holds
also if we modify the content of several actual lies simultaneously.

The case where α = 0 is treated similarly. Notice that if q transmits the atom
k—i 

→ p,^ → q, 0) at k in σ, then it does not transmit any atom with chain

(t-i 


(a.. 


-  P>i 


P>2 




Otherwise, the former atom would be implicit in the transmission of the latter.
As explained above, we may let q receive the atom → . . . p,,, β) without
creating thereby any inconsistency in the message that p,^ transmits to q at k - 1.
To see this, recall that did not convey to q at k - 1 in σ any atom with chain

k-2

... → p„ → .S → → . . . → p,^

carrying new information to q. Thus p,, could certainly have transmitted to
at k - 1 in σ without creating any such inconsistency. Furthermore, we are not
introducing any new actual lie.

Notice that we are implicitly assuming that a processor r that is ill at round k
might choose not to convey that it detected at k - 1 that some other processor p
was ill at k - 1. Instead, r may selectively forward some of the atoms it received
from p at k - 1 to processors at k.

Finally we apply the pigeonhole principle in order to select a new content in ρ
for each of the atoms in A'(£rjj(i7, A). Let r stand for |A'[crj:](i7, A)joo. First, notice
that there are 2^r - 2 messages that are strictly less than r bits long, excluding
of course the empty message which is never transmitted by a processor when it
is healthy. Second, for every atom a ∈ A'((7i]((7, A) there are - 1 different

atoms  a'  carrying  the  same  chain  as  a  and  satisfying  |a'|  <  |a|oo-  But 

—  1)  >  =  2^'^'*!^  >  2^^  —  2, 
a  a 

where  a  is  an  arbitrary  atom  in  A'[crj.]((7,  A).  Thus  there  exists  at  least  one  choice 
of  content  for  the  atoms  in  A'[<r^](g,A)  that  will  make  q  transmit  at  least  r  = 

I A'[crj.j (7. A)|cc bits to r at k in ρ. This completes the proof. ∎

G  The  Proof  of  Theorem  4 

In this appendix we prove theorem 4 which states:

Theorem For every n and t and for every ck-informative protocol with these
parameters, there exists a run ρ of that protocol with |ρ| = 1 in which some
processor transmits at least c^t bits at a round in which it is healthy, for c > 1.

Proof: By virtue of theorem 3, it is sufficient to build a run of NIP in which some
processor transmits at least c^t bits at a round in which it is healthy.



We build the following run: Let f = ⌊(t - 1)/2⌋. Let p_{2i-1}, p_{2i} be ill at i, for
i = 1, ..., f, but let them follow NIP there. p_{2f+1} will also be ill at f + 1 and it will
also essentially follow NIP, but it will also transmit some (and in fact many) actual
lies. p_{2f+1} will forge an actual lie at f + 1 for every chain ► p,; → . . . → p,y
satisfying either p,-^ = p_{2j-1} or pi^ = p_{2j}, for every j = 1, ..., f. Of course, there
are exponentially (in t) many such chains.

For k > 2f + 1 and every l, let p_k be healthy at l. It follows that (p_{2f+1}, f + 1) ∈
nc-pseudo-healthy(p_k, f + 1). Therefore for some choice of content for these actual
lies each p_k will have to transmit at f + 2 exponentially long messages in order to
convey the message it received from p_{2f+1} at f + 1. ∎

H  The  Proof  of  Theorem  5 

In this appendix we sketch the proof of theorem 5 which states:

Theorem For every n and t and for every sba-informative protocol with these
parameters, there exists a run of that protocol in which some processor transmits
at least c^t bits at a round in which it is healthy, for c > 1.

Proof: (sketch) Consider a processor p that is healthy at round l in a run ρ of an
sba-informative protocol. We argue that p must convey at l in ρ its reduced view if
the following situation holds: If p does not convey at l in ρ its reduced view, then
there exists a run ρ' that is (p, l)-weakly-equivalent to ρ, so that CR[ρ'](l) = 0.

Thus, in that case the notions of ck-informative and sba-informative coincide.
Finally, we argue that the segment in the proof of theorem 4 satisfies this property.